Merge pull request #14 from finarkein/feature/VAPT-issue-4---UUID-for…

…mat-validation

Feature/VAPT issue- UUID format validation

fiul-rest/fiul-rest-notification/src/main/java/io/finarkein/fiul/controller/NotificationController.java

@@ -10,6 +10,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.finarkein.aa.registry.RegistryService;
+import io.finarkein.aa.validators.ArgsValidator;
 import io.finarkein.api.aa.exception.Errors;
 import io.finarkein.api.aa.exception.SystemException;
 import io.finarkein.api.aa.notification.ConsentNotification;
@@ -83,9 +84,8 @@ public ResponseEntity<Mono<NotificationResponse>> consentResponseMono(@RequestBo
             return ResponseEntity.badRequest().body(Mono.just(NotificationResponse.invalidResponse(consentNotification.getTxnid(), Timestamp.from(Instant.now()), e.getMessage())));
         }
 
-        if (!NotificationValidator.isValidUUID(consentNotification.getTxnid())) {
-            return ResponseEntity.badRequest().body(Mono.just(NotificationResponse.invalidResponse(consentNotification.getTxnid(), Timestamp.from(Instant.now()), "Invalid TxnId")));
-        }
+        ArgsValidator.isValidUUID(consentNotification.getTxnid(), consentNotification.getTxnid(), "TxnId");
+
         ConsentState consentState = consentService.getConsentStateByTxnId(consentNotification.getTxnid());
 
         if (consentState == null)
@@ -129,10 +129,8 @@ public ResponseEntity<Mono<NotificationResponse>> fiNotification(@RequestBody FI
             return ResponseEntity.badRequest().body(Mono.just(NotificationResponse.invalidResponse(fiNotification.getTxnid(),
                     Timestamp.from(Instant.now()), e.getMessage())));
         }
-        if (!NotificationValidator.isValidUUID(fiNotification.getTxnid())) {
-            return ResponseEntity.badRequest().body(Mono.just(NotificationResponse.invalidResponse(fiNotification.getTxnid(),
-                    Timestamp.from(Instant.now()), "Invalid TxnId")));
-        }
+        ArgsValidator.isValidUUID(fiNotification.getTxnid(), fiNotification.getTxnid(), "TxnId");
+
         Optional<FIRequestState> optionalFIRequestState = dataFlowService.getFIRequestStateByTxnId(fiNotification.getTxnid());
         if (optionalFIRequestState.isPresent()) {
             try {

fiul-rest/fiul-rest-notification/src/main/java/io/finarkein/fiul/validator/NotificationValidator.java

@@ -7,6 +7,7 @@
 package io.finarkein.fiul.validator;
 
 import io.finarkein.aa.registry.models.EntityInfo;
+import io.finarkein.aa.validators.ArgsValidator;
 import io.finarkein.aa.validators.BasicResponseValidator;
 import io.finarkein.api.aa.exception.Errors;
 import io.finarkein.api.aa.notification.ConsentNotification;
@@ -23,15 +24,6 @@
 public class NotificationValidator {
 
     private static final String REQUIRED_NOTIFIER_TYPE = "AA";
-    private static final Pattern UUID_REGEX_PATTERN =
-            Pattern.compile("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$");
-
-    public static boolean isValidUUID(String str) {
-        if (str == null || str.isEmpty()) {
-            return false;
-        }
-        return UUID_REGEX_PATTERN.matcher(str).matches();
-    }
 
     public static void validateConsentNotification(ConsentNotification consentNotification, ConsentState consentState,
                                                    EntityInfo entityInfo, boolean test, AaApiKeyBody aaApiKeyBody) {
@@ -48,8 +40,8 @@ public static void validateConsentNotification(ConsentNotification consentNotifi
         if (!consentNotification.getNotifier().getType().equals(REQUIRED_NOTIFIER_TYPE)) {
             throw Errors.InvalidRequest.with(consentNotification.getTxnid(), "Invalid Notifier type");
         }
-        if (!isValidUUID(consentNotification.getConsentStatusNotification().getConsentId()))
-            throw Errors.InvalidRequest.with(consentNotification.getTxnid(), "Consent Id is invalid");
+        ArgsValidator.isValidUUID(consentNotification.getTxnid(), consentNotification.getConsentStatusNotification().getConsentId(),
+                "ConsentId");
 
         if (!consentNotification.getConsentStatusNotification().getConsentHandle().equals(consentState.getConsentHandle()))
             throw Errors.InvalidRequest.with(consentNotification.getTxnid(), "ConsentHandle Id is invalid");

pom.xml

@@ -27,7 +27,7 @@
         <version.spring-webflux>5.3.8</version.spring-webflux>
         <version.maven-dependency-plugin>3.1.1</version.maven-dependency-plugin>
         <version.logger>2.14.0</version.logger>
-        <version.aa-commons>0.4.0</version.aa-commons>
+        <version.aa-commons>0.4.1</version.aa-commons>
 
         <version.maven-compiler>3.8.1</version.maven-compiler>
         <version.plugin-deploy>3.0.0-M1</version.plugin-deploy>