diff --git a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractor.kt b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractor.kt
index e05c6a6da773cb91a7df92ed8f0e298250054efd..f74aa2d8736ef1f73adba4bf0fead09fe931f3f7 100644
--- a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractor.kt
+++ b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractor.kt
@@ -40,16 +40,27 @@ class RapidAntigenQrCodeExtractor @Inject constructor() : QrCodeExtractor<Corona
     }
 
     private fun String.decode(): RawPayload {
-        val decoded = if (
-            this.contains("+") ||
-            this.contains("/") ||
-            this.contains("=")
-        ) {
-            BaseEncoding.base64().decode(this)
-        } else {
-            BaseEncoding.base64Url().decode(this)
+        val decoded = try {
+            if (
+                this.contains("+") ||
+                this.contains("/") ||
+                this.contains("=")
+            ) {
+                BaseEncoding.base64().decode(this)
+            } else {
+                BaseEncoding.base64Url().decode(this)
+            }
+        } catch (e: Exception) {
+            Timber.e(e)
+            throw InvalidQRCodeException("Unsupported encoding. Supported encodings are base64 and base64url.")
+        }
+
+        try {
+            return Gson().fromJson(decoded.commonToUtf8String())
+        } catch (e: Exception) {
+            Timber.e(e)
+            throw InvalidQRCodeException("Malformed payload.")
         }
-        return Gson().fromJson(decoded.commonToUtf8String())
     }
 
     private data class RawPayload(
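Review bot: Both catch blocks in `decode()` pass the caught exception to `Timber.e(e)`, and that exception is built from scanner-supplied QR content. Decoder and parser messages can echo fragments of their input, and the extractor test's reference to personal data suggests this payload may carry it. Consider logging only the failure type, e.g. `Timber.e("QR payload decode failed: %s", e.javaClass.simpleName)`, unless the logging tree is known to be stripped or scrubbed in release builds, which is not visible here. Separately, a successful `fromJson` only shows the text parsed as JSON: Gson populates fields reflectively and can leave non-null Kotlin properties null, so the required-field checks on `RawPayload` (declared past the end of this hunk) presumably still need to run afterwards.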
diff --git a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQrCodeValidatorTest.kt b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQrCodeValidatorTest.kt
index 2d9478b797bb905bd6e88fab37518e52bd034c44..f9665d0af78f7a9f90b8e8157cd5d915f0e689af 100644
--- a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQrCodeValidatorTest.kt
+++ b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQrCodeValidatorTest.kt
@@ -1,6 +1,7 @@
 package de.rki.coronawarnapp.coronatest.qrcode
 
 import de.rki.coronawarnapp.coronatest.type.CoronaTest
+import io.kotest.assertions.throwables.shouldThrow
 import io.kotest.matchers.shouldBe
 import org.junit.jupiter.api.Test
 import testhelpers.BaseTest
@@ -19,14 +20,20 @@ class CoronaTestQrCodeValidatorTest : BaseTest() {
     }
 
     @Test
-    fun `invalid code throws exception`() {
+    fun `invalid prefix throws exception`() {
         val invalidCode = "HTTPS://somethingelse/?123456-12345678-1234-4DA7-B166-B86D85475064"
         val instance = CoronaTestQrCodeValidator(RapidAntigenQrCodeExtractor(), PcrQrCodeExtractor())
-        return try {
+        shouldThrow<InvalidQRCodeException> {
             instance.validate(invalidCode)
-            false
-        } catch (e: InvalidQRCodeException) {
-            true
-        } shouldBe true
+        }
+    }
+
+    @Test
+    fun `invalid json throws exception`() {
+        val invalidCode = "https://s.coronawarn.app/?v=1#eyJ0aW1lc3RhbXAiOjE2"
+        val instance = CoronaTestQrCodeValidator(RapidAntigenQrCodeExtractor(), PcrQrCodeExtractor())
+        shouldThrow<InvalidQRCodeException> {
+            instance.validate(invalidCode)
+        }
     }
 }
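Review bot: Neither new `invalid json throws exception` test (this one and its twin in RapidAntigenQrCodeExtractorTest) pins which failure path ran, and nothing exercises the "Unsupported encoding" branch added to `decode()`. The fragment used is well-formed base64 of truncated JSON, so only the "Malformed payload." path is covered. Asserting on the result, e.g. `shouldThrow<InvalidQRCodeException> { instance.validate(invalidCode) }.message shouldBe "Malformed payload."`, would separate the two paths, assuming the exception passes its argument through as `message`. A sibling case with a fragment that decodes in neither alphabet would cover the other branch, though whether such input reaches `decode()` depends on matching done outside this diff.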
diff --git a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractorTest.kt b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractorTest.kt
index 459fff1d3ceb51ffacb9d2a6d1246e1ffe5aa298..43e945ad847cf0fee318e804e26371eaa091752b 100644
--- a/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractorTest.kt
+++ b/Corona-Warn-App/src/test/java/de/rki/coronawarnapp/coronatest/qrcode/RapidAntigenQrCodeExtractorTest.kt
@@ -59,4 +59,12 @@ class RapidAntigenQrCodeExtractorTest : BaseTest() {
     fun `personal data is only valid if complete or completely missing`() {
         shouldThrow<InvalidQRCodeException> { instance.extract(raQrIncompletePersonalData) }
     }
+
+    @Test
+    fun `invalid json throws exception`() {
+        val invalidCode = "https://s.coronawarn.app/?v=1#eyJ0aW1lc3RhbXAiOjE2"
+        shouldThrow<InvalidQRCodeException> {
+            RapidAntigenQrCodeExtractor().extract(invalidCode)
+        }
+    }
 }
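Review bot: The added test constructs a fresh `RapidAntigenQrCodeExtractor()` while the test directly above it in this class uses the shared `instance`. Writing `instance.extract(invalidCode)` would keep the cases uniform and exercise the same fixture as the rest of the class. The class body starts outside this hunk, so confirm that `instance` is the plain extractor before switching.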