Merge pull request #1533 from corona-warn-app/fix/16X-into-17X

Merge release/1.6.x into release/1.7.x (DEV)

Merge pull request #1533 from corona-warn-app/fix/16X-into-17X
369ad8f9 · Matthias Urhahn · GitHub · ca608cdf · f7423fdc · 369ad8f9
Unverified Commit 369ad8f9 authored 4 years ago by Matthias Urhahn Committed by GitHub 4 years ago
--- a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/service/submission/QRScanResult.kt
+++ b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/service/submission/QRScanResult.kt
@@ -9,24 +9,19 @@ data class QRScanResult(val rawResult: String) {
    val guid: String? by lazy { extractGUID(rawResult) }
    private fun extractGUID(rawResult: String): String? {
-        if (rawResult.length > MAX_QR_CODE_LENGTH) return null
-        if (rawResult.count { it == GUID_SEPARATOR } != 1) return null
        if (!QR_CODE_REGEX.toRegex().matches(rawResult)) return null
-        val potentialGUID = rawResult.substringAfterLast(GUID_SEPARATOR, "")
+        val matcher = QR_CODE_REGEX.matcher(rawResult)
-        if (potentialGUID.isBlank() || potentialGUID.length > MAX_GUID_LENGTH) return null
+        return if (matcher.matches()) matcher.group(1) else null
-        return potentialGUID
    }
    companion object {
        // regex pattern for scanned QR code URL
-        val QR_CODE_REGEX: Pattern = Pattern.compile(
+        val QR_CODE_REGEX: Pattern = ("^" + // Match start of string
-            "^((^https:\\/{2}localhost)(\\/\\?)[A-Fa-f0-9]{6}" +
+            "(?:https:\\/{2}localhost)" + // Match `https://localhost`
-                    "[-][A-Fa-f0-9]{8}[-][A-Fa-f0-9]{4}[-][A-Fa-f0-9]{4}[-][A-Fa-f0-9]{4}[-][A-Fa-f0-9]{12})\$"
+            "(?:\\/{1}\\?)" + // Match the query param `/?`
-        )
+            "([a-f\\d]{6}[-][a-f\\d]{8}[-](?:[a-f\\d]{4}[-]){3}[a-f\\d]{12})" + // Match the UUID
-        const val GUID_SEPARATOR = '?'
+            "\$"
-        const val MAX_QR_CODE_LENGTH = 150
+            ).toPattern(Pattern.CASE_INSENSITIVE)
-        const val MAX_GUID_LENGTH = 80
    }
 }
--- a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/service/submission/ScanResultTest.kt
+++ b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/service/submission/ScanResultTest.kt
@@ -9,7 +9,12 @@ import org.junit.Before
 import org.junit.Test
 class ScanResultTest {
-    private val guid = "123456-12345678-1234-4DA7-B166-B86D85475064"
+    private val guidUpperCase = "123456-12345678-1234-4DA7-B166-B86D85475064"
+    private val guidLowerCase = "123456-12345678-1234-4da7-b166-b86d85475064"
+    private val guidMixedCase = "123456-12345678-1234-4dA7-b166-B86d85475064"
+    private val localhostUpperCase = "HTTPS://LOCALHOST/?"
+    private val localhostLowerCase = "https://localhost/?"
+    private val localhostMixedCase = "https://LOCALHOST/?"
    @MockK
    private lateinit var scanResult: QRScanResult
@@ -21,33 +26,72 @@ class ScanResultTest {
        every { scanResult.isValid } returns false
    }
+    private fun buildQRCodeCases(prefixString: String, guid: String, conditionToMatch: Boolean) {
+        scanResult = QRScanResult("$prefixString$guid")
+        scanResult.isValid shouldBe conditionToMatch
+    }
    @Test
    fun containsValidGUID() {
        // valid test
-        scanResult = QRScanResult("https://localhost/?$guid")
-        scanResult.isValid shouldBe true
+        buildQRCodeCases(localhostUpperCase, guidUpperCase, true)
+        buildQRCodeCases(localhostLowerCase, guidUpperCase, true)
+        buildQRCodeCases(localhostMixedCase, guidUpperCase, true)
+        buildQRCodeCases(localhostUpperCase, guidLowerCase, true)
+        buildQRCodeCases(localhostLowerCase, guidLowerCase, true)
+        buildQRCodeCases(localhostMixedCase, guidLowerCase, true)
+        buildQRCodeCases(localhostUpperCase, guidMixedCase, true)
+        buildQRCodeCases(localhostLowerCase, guidMixedCase, true)
+        buildQRCodeCases(localhostMixedCase, guidMixedCase, true)
+    }
+    @Test
+    fun containsInvalidGUID() {
+        //extra slashes should be invalid.
+        buildQRCodeCases("HTTPS:///LOCALHOST/?", guidUpperCase, false)
+        buildQRCodeCases("HTTPS://LOCALHOST//?", guidUpperCase, false)
+        buildQRCodeCases("HTTPS://LOCALHOST///?", guidUpperCase, false)
        // more invalid tests checks
-        scanResult = QRScanResult("http://localhost/?$guid")
+        buildQRCodeCases("http://localhost/?", guidUpperCase, false)
-        scanResult.isValid shouldBe false
+        buildQRCodeCases("https://localhost/?", "", false)
-        scanResult = QRScanResult("https://localhost/?")
+        buildQRCodeCases(
-        scanResult.isValid shouldBe false
+            "https://localhost/%20?3D6D08-3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA",
-        scanResult = QRScanResult("htps://wrongformat.com")
+            "",
-        scanResult.isValid shouldBe false
+            false
-        scanResult =
+        )
-            QRScanResult("https://localhost/%20?3D6D08-3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA")
+        buildQRCodeCases(
-        scanResult.isValid shouldBe false
+            "https://some-host.com/?3D6D08-3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA",
-        scanResult =
+            "",
-            QRScanResult("https://some-host.com/?3D6D08-3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA")
+            false
-        scanResult.isValid shouldBe false
+        )
-        scanResult = QRScanResult("https://localhost/?3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA")
+        buildQRCodeCases(
-        scanResult.isValid shouldBe false
+            "https://localhost/?3567F3F2-4DCF-43A3-8737-4CD1F87D6FDA",
-        scanResult = QRScanResult("https://localhost/?4CD1F87D6FDA")
+            "",
-        scanResult.isValid shouldBe false
+            false
+        )
+        buildQRCodeCases(
+            "https://localhost/?4CD1F87D6FDA",
+            "",
+            false
+        )
    }
    @Test
    fun extractGUID() {
-        QRScanResult("https://localhost/?$guid").guid shouldBe guid
+        QRScanResult("$localhostUpperCase$guidUpperCase").guid shouldBe guidUpperCase
+        QRScanResult("$localhostUpperCase$guidLowerCase").guid shouldBe guidLowerCase
+        QRScanResult("$localhostUpperCase$guidMixedCase").guid shouldBe guidMixedCase
+        QRScanResult("$localhostLowerCase$guidUpperCase").guid shouldBe guidUpperCase
+        QRScanResult("$localhostLowerCase$guidLowerCase").guid shouldBe guidLowerCase
+        QRScanResult("$localhostLowerCase$guidMixedCase").guid shouldBe guidMixedCase
+        QRScanResult("$localhostMixedCase$guidUpperCase").guid shouldBe guidUpperCase
+        QRScanResult("$localhostMixedCase$guidLowerCase").guid shouldBe guidLowerCase
+        QRScanResult("$localhostMixedCase$guidMixedCase").guid shouldBe guidMixedCase
    }
 }
--- a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/service/submission/SubmissionConstantsTest.kt
+++ b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/service/submission/SubmissionConstantsTest.kt
-package de.rki.coronawarnapp.service.submission
-import org.junit.Assert
-import org.junit.Test
-class SubmissionConstantsTest {
-    @Test
-    fun allSubmissionConstants() {
-        Assert.assertEquals(QRScanResult.MAX_QR_CODE_LENGTH, 150)
-        Assert.assertEquals(QRScanResult.MAX_GUID_LENGTH, 80)
-        Assert.assertEquals(QRScanResult.GUID_SEPARATOR, '?')
-    }
-}