Feature/settings verification (#137)

* Verify that we handle bad settings input.

* Remove unused imports.

* Add test for invalid inputs to fetchSettings() function

Author: didiergarcia

core/src/main/java/com/segment/analytics/kotlin/core/Settings.kt

@@ -86,19 +86,7 @@ suspend fun Analytics.checkSettings() {
 
     withContext(networkIODispatcher) {
         log("Fetching settings on ${Thread.currentThread().name}")
-        val settingsObj: Settings? = try {
-            val connection = HTTPClient(writeKey).settings(cdnHost)
-            val settingsString =
-                connection.inputStream?.bufferedReader()?.use(BufferedReader::readText) ?: ""
-            log("Fetched Settings: $settingsString")
-            LenientJson.decodeFromString(settingsString)
-        } catch (ex: Exception) {
-            Analytics.segmentLog(
-                "${ex.message}: failed to fetch settings",
-                kind = LogFilterKind.ERROR
-            )
-            null
-        }
+        val settingsObj: Settings? = fetchSettings(writeKey, cdnHost)
 
         withContext(analyticsDispatcher) {
             settingsObj?.let {
@@ -112,4 +100,21 @@ suspend fun Analytics.checkSettings() {
             store.dispatch(System.ToggleRunningAction(running = true), System::class)
         }
     }
+}
+
+internal fun Analytics.fetchSettings(
+    writeKey: String,
+    cdnHost: String
+): Settings? = try {
+    val connection = HTTPClient(writeKey).settings(cdnHost)
+    val settingsString =
+        connection.inputStream?.bufferedReader()?.use(BufferedReader::readText) ?: ""
+    log("Fetched Settings: $settingsString")
+    LenientJson.decodeFromString(settingsString)
+} catch (ex: Exception) {
+    Analytics.segmentLog(
+        "${ex.message}: failed to fetch settings",
+        kind = LogFilterKind.ERROR
+    )
+    null
 }

core/src/test/kotlin/com/segment/analytics/kotlin/core/SettingsTests.kt

@@ -13,10 +13,7 @@ import kotlinx.coroutines.test.runTest
 import kotlinx.serialization.Serializable
 import kotlinx.serialization.json.buildJsonObject
 import kotlinx.serialization.json.put
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Assertions.assertFalse
-import org.junit.jupiter.api.Assertions.assertNotNull
-import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import java.util.concurrent.atomic.AtomicInteger
@@ -178,4 +175,121 @@ class SettingsTests {
         analytics.track("track", buildJsonObject { put("direct", true) })
         assertEquals(1, eventCounter.get())
     }
+
+    @Test
+    fun `fetchSettings returns null when Settings string is invalid`() {
+        // Null on invalid JSON
+        mockHTTPClient("")
+        var settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("hello")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("#! /bin/sh")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("<!DOCTYPE html>")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("true")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("[]")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("}{")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("{{{{}}}}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null on invalid JSON
+        mockHTTPClient("{null:\"bar\"}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+    }
+
+    @Test
+    fun `fetchSettings returns null when parameters are invalid`() {
+        mockHTTPClient("{\"integrations\":{}, \"plan\":{}, \"edgeFunction\": {}, \"middlewareSettings\": {}}")
+
+        // empty host
+        var settings = analytics.fetchSettings("foo", "")
+        assertNull(settings)
+
+        // not a host name
+        settings = analytics.fetchSettings("foo", "http://blah")
+        assertNull(settings)
+
+        // emoji
+        settings = analytics.fetchSettings("foo", "😃")
+        assertNull(settings)
+    }
+
+    @Test
+    fun `fetchSettings returns null when Settings string is null for known properties`() {
+        // Null if integrations is null
+        mockHTTPClient("{\"integrations\":null}")
+        var settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if plan is null
+        mockHTTPClient("{\"plan\":null}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if edgeFunction is null
+        mockHTTPClient("{\"edgeFunction\":null}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if middlewareSettings is null
+        mockHTTPClient("{\"middlewareSettings\":null}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+    }
+
+    @Test
+    fun `known Settings property types must match json type`() {
+
+        // integrations must be a JSON object
+        mockHTTPClient("{\"integrations\":{}}")
+        var settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNotNull(settings)
+
+        // Null if integrations is a number
+        mockHTTPClient("{\"integrations\":123}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if integrations is a string
+        mockHTTPClient("{\"integrations\":\"foo\"}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if integrations is an array
+        mockHTTPClient("{\"integrations\":[\"foo\"]}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+
+        // Null if integrations is an emoji (UTF-8 string)
+        mockHTTPClient("{\"integrations\": 😃}")
+        settings = analytics.fetchSettings("foo", "cdn-settings.segment.com/v1")
+        assertNull(settings)
+    }
 }

core/src/test/kotlin/com/segment/analytics/kotlin/core/utils/Mocks.kt

@@ -42,13 +42,14 @@ fun spyStore(scope: TestScope, dispatcher: TestDispatcher): Store {
     every { store getProperty "updateQueue" } propertyType CoroutineContext::class returns dispatcher
     return store
 }
+val settingsDefault = """
+                {"integrations":{"Segment.io":{"apiKey":"1vNgUqwJeCHmqgI9S1sOm9UHCyfYqbaQ"}},"plan":{},"edgeFunction":{}}
+            """.trimIndent()
 
-fun mockHTTPClient() {
+fun mockHTTPClient(settings: String = settingsDefault) {
     mockkConstructor(HTTPClient::class)
     val settingsStream = ByteArrayInputStream(
-        """
-                {"integrations":{"Segment.io":{"apiKey":"1vNgUqwJeCHmqgI9S1sOm9UHCyfYqbaQ"}},"plan":{},"edgeFunction":{}}
-            """.trimIndent().toByteArray()
+        settings.toByteArray()
     )
     val httpConnection: HttpURLConnection = mockk()
     val connection = object : Connection(httpConnection, settingsStream, null) {}