Small fixes, dep updates, removed warning about Android app, made web app params into annotations

README.md

@@ -7,18 +7,6 @@ Only bug fixes and minor enhancements will be considered. The Barcode Scanner ap
 no longer be published, so it's unlikely any changes will be accepted for it.
 There is otherwise no active development or roadmap for this project. It is "DIY".
 
-## Barcode Scanner app no longer available in Google Play Store
-
-The Barcode Scanner app targets API 19, and so can no longer be updated in the Google Play store.
-Further, due to new restrictions on app permissions, Google has removed the app, as it does
-require SMS-related permissions which are now highly restricted.
-
-The last .apk remains available at https://github.com/zxing/zxing/releases/tag/BS-4.7.8 
-and may be freely redistributed by third parties.
-
-The work-alike "Barcode Scanner+" app remains available at 
-https://play.google.com/store/apps/details?id=com.srowen.bs.android as well.
-
 ## Get Started Developing
 
 To get started, please visit: https://github.com/zxing/zxing/wiki/Getting-Started-Developing

android/src/com/google/zxing/client/android/HttpHelper.java

@@ -34,8 +34,6 @@ import java.util.HashSet;
  */
 public final class HttpHelper {
 
-  private static final String TAG = HttpHelper.class.getSimpleName();
-
   private static final Collection<String> REDIRECTOR_DOMAINS = new HashSet<>(Arrays.asList(
     "amzn.to", "bit.ly", "bitly.com", "fb.me", "goo.gl", "is.gd", "j.mp", "lnkd.in", "ow.ly",
     "R.BEETAGG.COM", "r.beetagg.com", "SCN.BY", "su.pr", "t.co", "tinyurl.com", "tr.im"

core/src/main/java/com/google/zxing/datamatrix/encoder/C40Encoder.java

@@ -42,7 +42,7 @@ class C40Encoder implements Encoder {
       if (!context.hasMoreCharacters()) {
         //Avoid having a single C40 value in the last triplet
         StringBuilder removed = new StringBuilder();
-        if ((buffer.length() % 3) == 2 && (available < 2 || available > 2)) {
+        if ((buffer.length() % 3) == 2 && available != 2) {
           lastCharSize = backtrackOneCharacter(context, buffer, removed, lastCharSize);
         }
         while ((buffer.length() % 3) == 1 && (lastCharSize > 3 || available != 1)) {

pom.xml

@@ -179,7 +179,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-javadoc-plugin</artifactId>
-          <version>3.0.1</version>
+          <version>3.1.0</version>
           <configuration>
             <javadocVersion>${java.version}</javadocVersion>
             <quiet>true</quiet>
@@ -219,9 +219,6 @@
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-install-plugin</artifactId>
           <version>3.0.0-M1</version>
-          <configuration>
-            <createChecksum>true</createChecksum>
-          </configuration>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -323,7 +320,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-surefire-plugin</artifactId>
-          <version>2.22.1</version>
+          <version>3.0.0-M3</version>
           <configuration>
             <forkCount>0.5C</forkCount>
             <systemPropertyVariables>
@@ -461,7 +458,7 @@
             <dependency>
               <groupId>com.puppycrawl.tools</groupId>
               <artifactId>checkstyle</artifactId>
-              <version>8.16</version>
+              <version>8.18</version>
             </dependency>
           </dependencies>
         </plugin>

zxingorg/src/main/java/com/google/zxing/web/ChartServlet.java

@@ -99,6 +99,10 @@ public final class ChartServlet extends HttpServlet {
     }
 
     String requestURI = request.getRequestURI();
+    if (requestURI == null) {
+      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+      return;
+    }
     int lastDot = requestURI.lastIndexOf('.');
     String imageFormat;
     if (lastDot > 0) {

zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java

@@ -70,6 +70,7 @@ import javax.servlet.ServletConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.annotation.MultipartConfig;
+import javax.servlet.annotation.WebInitParam;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -87,7 +88,11 @@ import javax.servlet.http.Part;
     maxRequestSize = 1L << 26, // ~64MB
     fileSizeThreshold = 1 << 23, // ~8MB
     location = "/tmp")
-@WebServlet(value = "/w/decode", loadOnStartup = 1)
+@WebServlet(value = "/w/decode", loadOnStartup = 1, initParams = {
+  @WebInitParam(name = "maxAccessPerTime", value = "150"),
+  @WebInitParam(name = "accessTimeSec", value = "300"),
+  @WebInitParam(name = "maxEntries", value = "10000")
+})
 public final class DecodeServlet extends HttpServlet {
 
   private static final Logger log = Logger.getLogger(DecodeServlet.class.getName());
@@ -131,8 +136,13 @@ public final class DecodeServlet extends HttpServlet {
       log.info("Blocking URIs containing: " + blockedURLSubstrings);
     }
 
+    int maxAccessPerTime = Integer.parseInt(servletConfig.getInitParameter("maxAccessPerTime"));
+    int accessTimeSec = Integer.parseInt(servletConfig.getInitParameter("accessTimeSec"));
+    long accessTimeMS = TimeUnit.MILLISECONDS.convert(accessTimeSec, TimeUnit.SECONDS);
+    int maxEntries = Integer.parseInt(servletConfig.getInitParameter("maxEntries"));
+
     timer = new Timer("DecodeServlet");
-    destHostTracker = new DoSTracker(timer, 500, TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES), 10_000);
+    destHostTracker = new DoSTracker(timer, maxAccessPerTime, accessTimeMS, maxEntries);
   }
 
   @Override

zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java

@@ -23,6 +23,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.annotation.WebInitParam;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -36,20 +37,24 @@ import java.util.concurrent.TimeUnit;
  *
  * @author Sean Owen
  */
-@WebFilter({"/w/decode", "/w/chart"})
+@WebFilter(urlPatterns = {"/w/decode", "/w/chart"}, initParams = {
+  @WebInitParam(name = "maxAccessPerTime", value = "150"),
+  @WebInitParam(name = "accessTimeSec", value = "300"),
+  @WebInitParam(name = "maxEntries", value = "10000")
+})
 public final class DoSFilter implements Filter {
 
-  static final int MAX_ACCESS_PER_TIME = 500;
-  static final long ACCESS_TIME_MS = TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES);
-  static final int MAX_ENTRIES = 10_000;
-
   private Timer timer;
   private DoSTracker sourceAddrTracker;
 
   @Override
   public void init(FilterConfig filterConfig) {
+    int maxAccessPerTime = Integer.parseInt(filterConfig.getInitParameter("maxAccessPerTime"));
+    int accessTimeSec = Integer.parseInt(filterConfig.getInitParameter("accessTimeSec"));
+    long accessTimeMS = TimeUnit.MILLISECONDS.convert(accessTimeSec, TimeUnit.SECONDS);
+    int maxEntries = Integer.parseInt(filterConfig.getInitParameter("maxEntries"));
     timer = new Timer("DoSFilter");
-    sourceAddrTracker = new DoSTracker(timer, MAX_ACCESS_PER_TIME, ACCESS_TIME_MS, MAX_ENTRIES);
+    sourceAddrTracker = new DoSTracker(timer, maxAccessPerTime, accessTimeMS, maxEntries);
     timer.scheduleAtFixedRate(
         new TimerTask() {
           @Override
@@ -75,10 +80,9 @@ public final class DoSFilter implements Filter {
 
   private boolean isBanned(HttpServletRequest request) {
     String remoteIPAddress = request.getHeader("x-forwarded-for");
-    if (remoteIPAddress == null) {
-      remoteIPAddress = request.getRemoteAddr();
-    }
-    return sourceAddrTracker.isBanned(remoteIPAddress);
+    return
+      (remoteIPAddress != null && sourceAddrTracker.isBanned(remoteIPAddress)) ||
+      sourceAddrTracker.isBanned(request.getRemoteAddr());
   }
 
   @Override
@@ -88,4 +92,4 @@ public final class DoSFilter implements Filter {
     }
   }
 
-}
+}

zxingorg/src/test/java/com/google/zxing/web/DoSFilterTestCase.java

@@ -19,6 +19,7 @@ package com.google.zxing.web;
 import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockFilterConfig;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
@@ -36,8 +37,13 @@ public final class DoSFilterTestCase extends Assert {
     request.setRemoteAddr("1.2.3.4");
     HttpServletResponse response = new MockHttpServletResponse();
     DoSFilter filter = new DoSFilter();
-    filter.init(null);
-    for (int i = 0; i < DoSFilter.MAX_ACCESS_PER_TIME; i++) {
+    MockFilterConfig config = new MockFilterConfig();
+    int maxAccessPerTime = 10;
+    config.addInitParameter("maxAccessPerTime", Integer.toString(maxAccessPerTime));
+    config.addInitParameter("accessTimeSec", "60");
+    config.addInitParameter("maxEntries", "100");
+    filter.init(config);
+    for (int i = 0; i < maxAccessPerTime; i++) {
       filter.doFilter(request, response, new MockFilterChain());
       assertEquals(HttpServletResponse.SC_OK, response.getStatus());
     }