-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Communication
: Fix encryption issue in push notifications
#10060
Communication
: Fix encryption issue in push notifications
#10060
Conversation
.../artemis/communication/service/notifications/push_notifications/PushNotificationService.java
Dismissed
Show dismissed
Hide dismissed
Warning There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure. 🔧 pmd (7.8.0)src/main/java/de/tum/cit/aet/artemis/communication/service/notifications/push_notifications/PushNotificationService.javaThe following rules are missing or misspelled in your ruleset file category/vm/bestpractices.xml: BooleanInstantiation, DontImportJavaLang, DuplicateImports, EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock, EmptyStatementNotInLoop, EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, EmptyWhileStmt, ExcessiveClassLength, ExcessiveMethodLength, ImportFromSamePackage, MissingBreakInSwitch, SimplifyBooleanAssertion. Please check your ruleset configuration. WalkthroughThe pull request modifies the Changes
Suggested labels
Suggested reviewers
Possibly related PRs
Tip CodeRabbit's docstrings feature is now available as part of our Early Access Program! Simply use the command Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
♻️ Duplicate comments (1)
src/main/java/de/tum/cit/aet/artemis/communication/service/notifications/push_notifications/PushNotificationService.java (1)
197-197
:⚠️ Potential issueSecurity: Replace CBC mode with GCM for better security
The current encryption algorithm (AES/CBC/PKCS5Padding) has known vulnerabilities:
- CBC mode is vulnerable to padding oracle attacks
- Requires careful IV handling to prevent chosen-plaintext attacks
Recommend switching to AES/GCM/NoPadding which provides:
- Authenticated encryption
- Protection against tampering
- No padding oracle vulnerabilities
Here's how to implement the change:
- var cipher = Cipher.getInstance(Constants.PUSH_NOTIFICATION_ENCRYPTION_ALGORITHM); + // Update the constant to use "AES/GCM/NoPadding" + var cipher = Cipher.getInstance("AES/GCM/NoPadding"); + // GCM requires a 12-byte nonce instead of IV + byte[] nonce = new byte[12]; + random.nextBytes(nonce); + GCMParameterSpec spec = new GCMParameterSpec(128, nonce); + cipher.init(Cipher.ENCRYPT_MODE, key, spec);Note: This change requires updating the decryption logic on the client side and handling the nonce similar to how the IV is currently handled.
🧹 Nitpick comments (1)
src/main/java/de/tum/cit/aet/artemis/communication/service/notifications/push_notifications/PushNotificationService.java (1)
203-205
: Enhance error logging for better debuggingWhile the error handling is comprehensive, the error message could be more specific to help with debugging encryption issues.
- log.error("Error encrypting push notification payload!", e); + log.error("Failed to encrypt push notification: {} (Key algorithm: {}, Key length: {} bits)", + e.getMessage(), + key.getAlgorithm(), + key.getEncoded().length * 8, + e);
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/main/java/de/tum/cit/aet/artemis/communication/service/notifications/push_notifications/PushNotificationService.java
(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/main/java/de/tum/cit/aet/artemis/communication/service/notifications/push_notifications/PushNotificationService.java (1)
Pattern src/main/java/**/*.java
: naming:CamelCase; principles:{single_responsibility,small_methods,no_duplication}; db:{perf_queries,datetime_not_timestamp}; rest:{stateless,singleton,delegate_logic,http_only,minimal_dtos}; dtos:{java_records,no_entities,min_data,single_resp}; di:constructor_injection; kiss:simple_code; file_handling:os_indep_paths; practices:{least_access,avoid_transactions,code_reuse,static_member_ref,prefer_primitives}; sql:{param_annotation,uppercase,avoid_subqueries};java:avoid_star_imports
.../artemis/communication/service/notifications/push_notifications/PushNotificationService.java
Show resolved
Hide resolved
Notifications
: Fix encryption issue in push notificationsCommunication
: Fix encryption issue in push notifications
Checklist
General
Server
Motivation and Context
Currently there is an issue that causes notifications to be encrypted wrongly. This is due to a race condition where multiple threads access the same instance of a cipher object and overwrite its initialization vector while others are still encrypting. This leads to notification payloads like this:
{"notificationPlaceholders":["Patterns in Software Engineering (WS24/25)","Test reserveFittingPEV requries us to use the @Spy annotation for stubbing the ReservationManager. However Mockito requires a no args constructor to be able to use the @Spy annotati?��2�?���ۂGP��&"���5Ɩ��˓)h�r�J��n|8��ǁ�ب��b�ߔ
Description
Instead of having a static reference to a single cipher, the cipher instance is now initialized per-notification removing the possibility of overlaps.
Steps for Testing
Prerequisites:
Testserver States
Note
These badges show the state of the test servers.
Green = Currently available, Red = Currently locked
Click on the badges to get to the test servers.
Review Progress
Code Review
Manual Tests
Test Coverage
TBD
Summary by CodeRabbit
Cipher
for each encryption operation.