From bc645c50bb18fb3b30a3ffaa74d042ce1ada616d Mon Sep 17 00:00:00 2001 From: Sean Owen Date: Sat, 9 Mar 2019 17:18:31 -0600 Subject: [PATCH] Small fixes, dep updates, removed warning about Android app, made web app params into annotations --- README.md | 12 --------- .../zxing/client/android/HttpHelper.java | 2 -- .../zxing/datamatrix/encoder/C40Encoder.java | 2 +- pom.xml | 9 +++---- .../com/google/zxing/web/ChartServlet.java | 4 +++ .../com/google/zxing/web/DecodeServlet.java | 14 ++++++++-- .../java/com/google/zxing/web/DoSFilter.java | 26 +++++++++++-------- .../google/zxing/web/DoSFilterTestCase.java | 10 +++++-- 8 files changed, 43 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 25d8f6941..749159a8c 100644 --- a/README.md +++ b/README.md @@ -7,18 +7,6 @@ Only bug fixes and minor enhancements will be considered. The Barcode Scanner ap no longer be published, so it's unlikely any changes will be accepted for it. There is otherwise no active development or roadmap for this project. It is "DIY". -## Barcode Scanner app no longer available in Google Play Store - -The Barcode Scanner app targets API 19, and so can no longer be updated in the Google Play store. -Further, due to new restrictions on app permissions, Google has removed the app, as it does -require SMS-related permissions which are now highly restricted. - -The last .apk remains available at https://github.com/zxing/zxing/releases/tag/BS-4.7.8 -and may be freely redistributed by third parties. - -The work-alike "Barcode Scanner+" app remains available at -https://play.google.com/store/apps/details?id=com.srowen.bs.android as well. - ## Get Started Developing To get started, please visit: https://github.com/zxing/zxing/wiki/Getting-Started-Developing diff --git a/android/src/com/google/zxing/client/android/HttpHelper.java b/android/src/com/google/zxing/client/android/HttpHelper.java index 0ff5c1bea..ecdb496cb 100644 --- a/android/src/com/google/zxing/client/android/HttpHelper.java 
+++ b/android/src/com/google/zxing/client/android/HttpHelper.java @@ -34,8 +34,6 @@ import java.util.HashSet; */ public final class HttpHelper { - private static final String TAG = HttpHelper.class.getSimpleName(); - private static final Collection REDIRECTOR_DOMAINS = new HashSet<>(Arrays.asList( "amzn.to", "bit.ly", "bitly.com", "fb.me", "goo.gl", "is.gd", "j.mp", "lnkd.in", "ow.ly", "R.BEETAGG.COM", "r.beetagg.com", "SCN.BY", "su.pr", "t.co", "tinyurl.com", "tr.im" diff --git a/core/src/main/java/com/google/zxing/datamatrix/encoder/C40Encoder.java b/core/src/main/java/com/google/zxing/datamatrix/encoder/C40Encoder.java index c6298484a..b623a63e3 100644 --- a/core/src/main/java/com/google/zxing/datamatrix/encoder/C40Encoder.java +++ b/core/src/main/java/com/google/zxing/datamatrix/encoder/C40Encoder.java @@ -42,7 +42,7 @@ class C40Encoder implements Encoder { if (!context.hasMoreCharacters()) { //Avoid having a single C40 value in the last triplet StringBuilder removed = new StringBuilder(); - if ((buffer.length() % 3) == 2 && (available < 2 || available > 2)) { + if ((buffer.length() % 3) == 2 && available != 2) { lastCharSize = backtrackOneCharacter(context, buffer, removed, lastCharSize); } while ((buffer.length() % 3) == 1 && (lastCharSize > 3 || available != 1)) { diff --git a/pom.xml b/pom.xml index 6aefeb86e..d1a0064c1 100644 --- a/pom.xml +++ b/pom.xml @@ -179,7 +179,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.0.1 + 3.1.0 ${java.version} true @@ -219,9 +219,6 @@ org.apache.maven.plugins maven-install-plugin 3.0.0-M1 - - true - org.apache.maven.plugins @@ -323,7 +320,7 @@ org.apache.maven.plugins maven-surefire-plugin - 2.22.1 + 3.0.0-M3 0.5C @@ -461,7 +458,7 @@ com.puppycrawl.tools checkstyle - 8.16 + 8.18 diff --git a/zxingorg/src/main/java/com/google/zxing/web/ChartServlet.java b/zxingorg/src/main/java/com/google/zxing/web/ChartServlet.java index 4f6846f16..bdee82281 100644 --- a/zxingorg/src/main/java/com/google/zxing/web/ChartServlet.java 
+++ b/zxingorg/src/main/java/com/google/zxing/web/ChartServlet.java @@ -99,6 +99,10 @@ public final class ChartServlet extends HttpServlet { } String requestURI = request.getRequestURI(); + if (requestURI == null) { + response.sendError(HttpServletResponse.SC_BAD_REQUEST); + return; + } int lastDot = requestURI.lastIndexOf('.'); String imageFormat; if (lastDot > 0) { diff --git a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java index 39263892a..65ee067a9 100644 --- a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java +++ b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java @@ -70,6 +70,7 @@ import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebInitParam; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -87,7 +88,11 @@ import javax.servlet.http.Part; maxRequestSize = 1L << 26, // ~64MB fileSizeThreshold = 1 << 23, // ~8MB location = "/tmp") -@WebServlet(value = "/w/decode", loadOnStartup = 1) +@WebServlet(value = "/w/decode", loadOnStartup = 1, initParams = { + @WebInitParam(name = "maxAccessPerTime", value = "150"), + @WebInitParam(name = "accessTimeSec", value = "300"), + @WebInitParam(name = "maxEntries", value = "10000") +}) public final class DecodeServlet extends HttpServlet { private static final Logger log = Logger.getLogger(DecodeServlet.class.getName()); 
@@ -131,8 +136,13 @@ public final class DecodeServlet extends HttpServlet { log.info("Blocking URIs containing: " + blockedURLSubstrings); } + int maxAccessPerTime = Integer.parseInt(servletConfig.getInitParameter("maxAccessPerTime")); + int accessTimeSec = Integer.parseInt(servletConfig.getInitParameter("accessTimeSec")); + long accessTimeMS = TimeUnit.MILLISECONDS.convert(accessTimeSec, TimeUnit.SECONDS); + int maxEntries = Integer.parseInt(servletConfig.getInitParameter("maxEntries")); + timer = new Timer("DecodeServlet"); - destHostTracker = new DoSTracker(timer, 500, TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES), 10_000); + destHostTracker = new DoSTracker(timer, maxAccessPerTime, accessTimeMS, maxEntries); } @Override diff --git a/zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java b/zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java index 5ccf5266d..0586779b6 100644 --- a/zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java +++ b/zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java @@ -23,6 +23,7 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; +import javax.servlet.annotation.WebInitParam; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; 
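Review bot: The three `Integer.parseInt(servletConfig.getInitParameter(...))` calls added to `init` fail with a bare NumberFormatException when a parameter is missing or non-numeric, and a zero or negative value is passed straight to `new DoSTracker(...)` (how the tracker treats such values is not visible here). Because these numbers are the rate limit itself, I would validate them right after parsing: `if (maxAccessPerTime <= 0 || accessTimeSec <= 0 || maxEntries <= 0) { throw new IllegalArgumentException("DoS limits must be positive"); }`. The same unvalidated parsing is added to `DoSFilter.init` in the next file. The destination-host threshold also drops from the previous literal 500 to 150 via the annotation default, which the commit message does not mention. `init` begins outside this hunk.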
@@ -36,20 +37,24 @@ import java.util.concurrent.TimeUnit; * * @author Sean Owen */ -@WebFilter({"/w/decode", "/w/chart"}) +@WebFilter(urlPatterns = {"/w/decode", "/w/chart"}, initParams = { + @WebInitParam(name = "maxAccessPerTime", value = "150"), + @WebInitParam(name = "accessTimeSec", value = "300"), + @WebInitParam(name = "maxEntries", value = "10000") +}) public final class DoSFilter implements Filter { - static final int MAX_ACCESS_PER_TIME = 500; - static final long ACCESS_TIME_MS = TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES); - static final int MAX_ENTRIES = 10_000; - private Timer timer; private DoSTracker sourceAddrTracker; @Override public void init(FilterConfig filterConfig) { + int maxAccessPerTime = Integer.parseInt(filterConfig.getInitParameter("maxAccessPerTime")); + int accessTimeSec = Integer.parseInt(filterConfig.getInitParameter("accessTimeSec")); + long accessTimeMS = TimeUnit.MILLISECONDS.convert(accessTimeSec, TimeUnit.SECONDS); + int maxEntries = Integer.parseInt(filterConfig.getInitParameter("maxEntries")); timer = new Timer("DoSFilter"); - sourceAddrTracker = new DoSTracker(timer, MAX_ACCESS_PER_TIME, ACCESS_TIME_MS, MAX_ENTRIES); + sourceAddrTracker = new DoSTracker(timer, maxAccessPerTime, accessTimeMS, maxEntries); timer.scheduleAtFixedRate( new TimerTask() { @Override @@ -75,10 +80,9 @@ public final class DoSFilter implements Filter { private boolean isBanned(HttpServletRequest request) { String remoteIPAddress = request.getHeader("x-forwarded-for"); - if (remoteIPAddress == null) { - remoteIPAddress = request.getRemoteAddr(); - } - return sourceAddrTracker.isBanned(remoteIPAddress); + return + (remoteIPAddress != null && sourceAddrTracker.isBanned(remoteIPAddress)) || + sourceAddrTracker.isBanned(request.getRemoteAddr()); } @Override @@ -88,4 +92,4 @@ public final class DoSFilter implements Filter { } } -} \ No newline at end of file +} 
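Review bot: In `isBanned`, the raw `x-forwarded-for` value is still used as a tracker key, but that header is client-supplied unless a trusted proxy overwrites it, and it can carry a comma-separated list rather than a single address. Keys derived from it are therefore not a reliable identity, and they consume slots in a table capped at `maxEntries` (the eviction behaviour lives in DoSTracker, which is not shown). The new unconditional `sourceAddrTracker.isBanned(request.getRemoteAddr())` also means that, if this filter sits behind a reverse proxy, every client is counted against the proxy's address and the 150-per-300-seconds limit applies to all traffic combined. I would honour the header only when `getRemoteAddr()` is a known proxy, use one parsed and trimmed address from it, and state the intent on the method, e.g. `// x-forwarded-for is untrusted unless set by our own proxy`. Because `||` short-circuits, a request whose header key is already banned never reaches the `getRemoteAddr()` call, so if `isBanned` also records the access (an assumption; its body is not visible), the socket address goes uncounted for those requests.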
diff --git a/zxingorg/src/test/java/com/google/zxing/web/DoSFilterTestCase.java b/zxingorg/src/test/java/com/google/zxing/web/DoSFilterTestCase.java index 1e5f48846..2ef336537 100644 --- a/zxingorg/src/test/java/com/google/zxing/web/DoSFilterTestCase.java +++ b/zxingorg/src/test/java/com/google/zxing/web/DoSFilterTestCase.java @@ -19,6 +19,7 @@ package com.google.zxing.web; import org.junit.Assert; import org.junit.Test; import org.springframework.mock.web.MockFilterChain; +import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -36,8 +37,13 @@ public final class DoSFilterTestCase extends Assert { request.setRemoteAddr("1.2.3.4"); HttpServletResponse response = new MockHttpServletResponse(); DoSFilter filter = new DoSFilter(); - filter.init(null); - for (int i = 0; i < DoSFilter.MAX_ACCESS_PER_TIME; i++) { + MockFilterConfig config = new MockFilterConfig(); + int maxAccessPerTime = 10; + config.addInitParameter("maxAccessPerTime", Integer.toString(maxAccessPerTime)); + config.addInitParameter("accessTimeSec", "60"); + config.addInitParameter("maxEntries", "100"); + filter.init(config); + for (int i = 0; i < maxAccessPerTime; i++) { filter.doFilter(request, response, new MockFilterChain()); assertEquals(HttpServletResponse.SC_OK, response.getStatus()); }
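Review bot: The test still drives only the `getRemoteAddr` path, although this commit changes `DoSFilter.isBanned` to consult `x-forwarded-for` in addition to the socket address. A second case that sets the header, e.g. `request.addHeader("x-forwarded-for", "5.6.7.8");`, and asserts that the limit trips on either key would pin the new behaviour. Nothing visible in the hunk calls `filter.destroy()`, so the `Timer` created in `init` may outlive the test; the test method starts and ends outside the hunk, so this may already be handled there.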