-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new demo file #331
base: master
Are you sure you want to change the base?
new demo file #331
Conversation
} | ||
|
||
public static AmazonS3 getS3Client() { | ||
return AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code is written so that the client cannot be reused across invocations of the Lambda function.
To improve the performance of the Lambda function, consider using static initialization/constructor, global/static variables and singletons. It allows to keep alive and reuse HTTP connections that were established during a previous invocation.
Learn more about best practices for working with AWS Lambda functions.
final AmazonS3 s3Client = EventHandler.getS3Client(); | ||
logger.log("Processing Bucket: " + bucketName); | ||
|
||
ObjectListing files = s3Client.listObjects(bucketName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code might not produce accurate results if the operation returns paginated results instead of all results. Consider adding another call to check for additional results.
final AmazonS3 s3Client = EventHandler.getS3Client(); | ||
logger.log("Processing Bucket: " + bucketName); | ||
|
||
ObjectListing files = s3Client.listObjects(bucketName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code uses an outdated API. ListObjectsV2 is the revised List Objects API, and we recommend you use this revised API for new application developments.
|
||
long expirationTime = System.currentTimeMillis() + Duration.ofMinutes(1).toMillis(); | ||
while(System.currentTimeMillis() < expirationTime) { | ||
if (s3Client.doesObjectExist(Constants.SUMMARY_BUCKET, summaryUpdateName)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code appears to be waiting for a resource before it runs. You could use the waiters feature to help improve efficiency. Consider using ObjectExists or ObjectNotExists. For more information, see https://aws.amazon.com/blogs/developer/waiters-in-the-aws-sdk-for-java/
|
||
public String weakMessageEncryption(String message, String key) throws Exception { | ||
Cipher cipher = Cipher.getInstance("RSA"); | ||
SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
String.getBytes
Using this method without an explicit charset/encoding causes the default character encoding of the JVM to be used for conversion from Java’s internal Unicode encoding to bytes. The system’s default encoding, which is used to determine the bytes for unsafe characters, might not always give correct results.
Solution:
Specify an encoding
(likely UTF-8
, which is backward compatible with ASCII and has multi-language support)
byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
Cipher cipher = Cipher.getInstance("RSA"); | ||
SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES"); | ||
cipher.init(Cipher.ENCRYPT_MODE, secretKey); | ||
return new String(cipher.doFinal(message.getBytes()), StandardCharsets.UTF_8); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
String.getBytes
Using this method without an explicit charset/encoding causes the default character encoding of the JVM to be used for conversion from Java’s internal Unicode encoding to bytes. The system’s default encoding, which is used to determine the bytes for unsafe characters, might not always give correct results.
Solution:
Specify an encoding
(likely UTF-8
, which is backward compatible with ASCII and has multi-language support)
byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
try { | ||
processShipmentUpdates(logger); | ||
return "SUCCESS"; | ||
} catch (final Exception ex) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Problem: While re-throwing the caught exception with modifications , information about the caught exception is being lost, including information about the stack trace of the exception.
Fix: If the caught exception object does not contain sensitive information, consider passing it as the "rootCause" or inner exception parameter to the constructor of the new exception before throwing the new exception. (Note that not all exception constructors support inner exceptions. Use a wrapper exception that supports inner exceptions.)
Learn more
Suggested remediation:
Consider passing the exception object either as "rootCause" or as an inner exception parameter, to the constructor of the new exception before throwing new exception. This will help keep stack trace.
@@ -61,3 +61,3 @@
logger.log(String.format("Failed to process shipment Updates in %s due to %s", scheduledEvent.getAccount(), ex.getMessage()));
- throw new RuntimeException("Hiding the exception");
+ throw new RuntimeException("Hiding the exception", ex);
}
} | ||
|
||
public String weakMessageEncryption(String message, String key) throws Exception { | ||
Cipher cipher = Cipher.getInstance("RSA"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
It looks like your code uses a cipher object with an insecure transformation. To make your code more secure, use one of the following algorithms with a built-in integrity check: AES/GCM/NoPadding
or ChaCha20-Poly1305
.
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.