Merge pull request #177 from IABTechLab/vse-UID2-4504-fix-unbounded-path-label-core

Fix unbounded path label

Author: vishalegbert-ttd

src/main/java/com/uid2/core/Main.java

@@ -7,6 +7,7 @@
 import com.uid2.core.service.AttestationService;
 import com.uid2.core.service.OperatorJWTTokenProvider;
 import com.uid2.core.vertx.CoreVerticle;
+import com.uid2.core.vertx.Endpoints;
 import com.uid2.shared.Const;
 import com.uid2.shared.Utils;
 import com.uid2.shared.attest.AttestationTokenService;
@@ -183,7 +184,8 @@ private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
                     .meterFilter(new PrometheusRenameFilter())
                     .meterFilter(MeterFilter.replaceTagValues(Label.HTTP_PATH.toString(), actualPath -> {
                         try {
-                            return HttpUtils.normalizePath(actualPath).split("\\?")[0];
+                            String normalized = HttpUtils.normalizePath(actualPath).split("\\?")[0];
+                            return Endpoints.pathSet().contains(normalized) ? normalized : "/unknown";
                         } catch (IllegalArgumentException e) {
                             return actualPath;
                         }

src/main/java/com/uid2/core/vertx/CoreVerticle.java

@@ -176,26 +176,26 @@ private Router createRoutesSetup() {
                 .allowedHeader("Content-Type"));
         router.route().failureHandler(new GenericFailureHandler());
 
-        router.post("/attest")
+        router.post(Endpoints.ATTEST.toString())
                 .handler(new AttestationFailureHandler())
                 .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
-        router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
-        router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
-        router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
-        router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
-        router.get("/key/keyset/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
-        router.get("/key/keyset-keys/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
-        router.get("/salt/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
-        router.get("/clients/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
-        router.get("/client_side_keypairs/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
-        router.get("/services/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
-        router.get("/service_links/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
-        router.get("/operators/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
-        router.get("/partners/refresh").handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
-        router.get("/ops/healthcheck").handler(this::handleHealthCheck);
+        router.get(Endpoints.CLOUD_ENCRYPTION_KEYS_RETRIEVE.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
+        router.get(Endpoints.SITES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_ACL_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_KEYSET_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_KEYSET_KEYS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
+        router.get(Endpoints.SALT_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
+        router.get(Endpoints.CLIENTS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
+        router.get(Endpoints.CLIENT_SIDE_KEYPAIRS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
+        router.get(Endpoints.SERVICES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
+        router.get(Endpoints.SERVICE_LINKS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
+        router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
+        router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
+        router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
 
         if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
-            router.route("/attest/get_token").handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
+            router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
         }
 
         return router;

src/main/java/com/uid2/core/vertx/Endpoints.java

@@ -0,0 +1,39 @@
+package com.uid2.core.vertx;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public enum Endpoints {
+    OPS_HEALTHCHECK("/ops/healthcheck"),
+    ATTEST("/attest"),
+    ATTEST_GET_TOKEN("/attest/get_token"),
+    CLOUD_ENCRYPTION_KEYS_RETRIEVE("/cloud_encryption_keys/retrieve"),
+    SITES_REFRESH("/sites/refresh"),
+    KEY_REFRESH("/key/refresh"),
+    KEY_ACL_REFRESH("/key/acl/refresh"),
+    KEY_KEYSET_REFRESH("/key/keyset/refresh"),
+    KEY_KEYSET_KEYS_REFRESH("/key/keyset-keys/refresh"),
+    SALT_REFRESH("/salt/refresh"),
+    CLIENTS_REFRESH("/clients/refresh"),
+    CLIENT_SIDE_KEYPAIRS_REFRESH("/client_side_keypairs/refresh"),
+    SERVICES_REFRESH("/services/refresh"),
+    SERVICE_LINKS_REFRESH("/service_links/refresh"),
+    OPERATORS_REFRESH("/operators/refresh"),
+    PARTNERS_REFRESH("/partners/refresh");
+
+    private final String path;
+
+    Endpoints(final String path) {
+        this.path = path;
+    }
+
+    public static Set<String> pathSet() {
+        return Stream.of(Endpoints.values()).map(Endpoints::toString).collect(Collectors.toSet());
+    }
+
+    @Override
+    public String toString() {
+        return path;
+    }
+}