MemoryOverwritingRequestHandler.java

1 
/**
2 
   Copyright 2019 Carlos Macasaet
3
4 
   Licensed under the Apache License, Version 2.0 (the "License");
5 
   you may not use this file except in compliance with the License.
6 
   You may obtain a copy of the License at
7
8 
       https://www.apache.org/licenses/LICENSE-2.0
9
10 
   Unless required by applicable law or agreed to in writing, software
11 
   distributed under the License is distributed on an "AS IS" BASIS,
12 
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 
   See the License for the specific language governing permissions and
14 
   limitations under the License.
15 
 */
16 
package com.macasaet.fernet.aws.secretsmanager.rotation;
17
18 
import java.nio.Buffer;
19 
import java.nio.ByteBuffer;
20 
import java.security.SecureRandom;
21
22 
import com.amazonaws.Request;
23 
import com.amazonaws.Response;
24 
import com.amazonaws.handlers.RequestHandler2;
25 
import com.amazonaws.services.secretsmanager.model.PutSecretValueRequest;
26
27 
/**
28 
 * This request handler makes a best effort to clear out sensitive data that was submitted to the AWS SDK after any
29 
 * response or error. The scope is limited to request objects. It does not account for any copies that may have been
30 
 * made by the SDK (e.g. by the marshalling process) nor any copies made by the JVM.
31 
 *
32 
 * <p>Copyright &copy; 2019 Carlos Macasaet.</p>
33 
 *
34 
 * @author Carlos Macasaet
35 
 */
36 
class MemoryOverwritingRequestHandler extends RequestHandler2 {
37
38 
    private final SecureRandom random;
39
40 
    public MemoryOverwritingRequestHandler(final SecureRandom random) {
41 
        super();
42 1 1. <init> : negated conditional → KILLED
 
        if (random == null) {
43 
            throw new IllegalArgumentException("random cannot be null");
44 
        }
45 
        this.random = random;
46 
    }
47
48 
    public void afterResponse(final Request<?> request, final Response<?> response) {
49 
        final Object requestObject = request.getOriginalRequestObject();
50 1 1. afterResponse : negated conditional → KILLED
 
        if (requestObject instanceof PutSecretValueRequest) {
51 
            final PutSecretValueRequest putRequest = (PutSecretValueRequest) requestObject;
52 1 1. afterResponse : removed call to com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::overwriteSecret → KILLED
 
            overwriteSecret(putRequest);
53 
        }
54 
    }
55
56 
    public void afterError(final Request<?> request, final Response<?> response, final Exception exception) {
57 
        final Object requestObject = request.getOriginalRequestObject();
58 1 1. afterError : negated conditional → KILLED
 
        if (requestObject instanceof PutSecretValueRequest) {
59 
            final PutSecretValueRequest putRequest = (PutSecretValueRequest) requestObject;
60 1 1. afterError : removed call to com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::overwriteSecret → KILLED
 
            overwriteSecret(putRequest);
61 
        }
62 
    }
63
64 
    @SuppressWarnings("PMD.LawOfDemeter")
65 
    protected void overwriteSecret(final PutSecretValueRequest putRequest) {
66 
        final ByteBuffer buffer = putRequest.getSecretBinary();
67 
        final byte[] bytes = new byte[buffer.capacity()];
68 
        getRandom().nextBytes(bytes);
69 
        ((Buffer)buffer).clear();
70 
        buffer.put(bytes);
71 
    }
72
73 
    protected SecureRandom getRandom() {
74 1 1. getRandom : mutated return of Object value for com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::getRandom to ( if (x != null) null else throw new RuntimeException ) → KILLED
 
        return random;
75 
    }
76
77 
}

Mutations

42

1.1
Location : <init>
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterResponseClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) negated conditional → KILLED
50

1.1
Location : afterResponse
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterResponseClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) negated conditional → KILLED
52

1.1
Location : afterResponse
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterResponseClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) removed call to com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::overwriteSecret → KILLED
58

1.1
Location : afterError
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterErrorClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) negated conditional → KILLED
60

1.1
Location : afterError
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterErrorClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) removed call to com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::overwriteSecret → KILLED
74

1.1
Location : getRandom
Killed by : com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest.verifyAfterResponseClearsSecret(com.macasaet.fernet.aws.secretsmanager.rotation.MemoryOverwritingRequestHandlerTest) mutated return of Object value for com/macasaet/fernet/aws/secretsmanager/rotation/MemoryOverwritingRequestHandler::getRandom to ( if (x != null) null else throw new RuntimeException ) → KILLED

Active mutators

Tests examined


Report generated by PIT 1.4.10