Fix key transparency monitor request position validation

2025-12-05 01:10:13 +00:00 · 2025-10-29 16:34:33 -04:00
parent 3116913378
commit 0f950917d8
2 changed files with 11 additions and 10 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/KeyTransparencyMonitorRequest.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/KeyTransparencyMonitorRequest.java
@@ -14,6 +14,7 @@ import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Positive;
 import java.util.Optional;
+import jakarta.validation.constraints.PositiveOrZero;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import org.whispersystems.textsecuregcm.util.ByteArrayBase64UrlAdapter;
@@ -49,7 +50,7 @@ public record KeyTransparencyMonitorRequest(
      AciServiceIdentifier value,

      @Schema(description = "A log tree position maintained by the client for the aci.")
-      @Positive
+      @PositiveOrZero
      long entryPosition,

      @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
@@ -66,7 +67,7 @@ public record KeyTransparencyMonitorRequest(
      String value,

      @Schema(description = "A log tree position maintained by the client for the e164.")
-      @Positive
+      @PositiveOrZero
      long entryPosition,

      @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
@@ -87,7 +88,7 @@ public record KeyTransparencyMonitorRequest(
      byte[] value,

      @Schema(description = "A log tree position maintained by the client for the username hash.")
-      @Positive
+      @PositiveOrZero
      long entryPosition,

      @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyControllerTest.java
@@ -331,7 +331,7 @@ public class KeyTransparencyControllerTest {
    try (Response response = request.post(Entity.json(
        createRequestJson(
            new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI,3, COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 0, COMMITMENT_INDEX),
                Optional.empty(), Optional.empty(), 3L, 4L))))) {
      assertEquals(200, response.getStatus());

@@ -414,8 +414,8 @@ public class KeyTransparencyControllerTest {
        Arguments.argumentSet("aci monitor fields can't be null - null commitment index", createRequestJson(
            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, null),
                Optional.empty(), Optional.empty(), 3L, 4L))),
-        Arguments.argumentSet("aciPosition must be positive", createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 0, COMMITMENT_INDEX),
+        Arguments.argumentSet("aciPosition must be non-negative", createRequestJson(new KeyTransparencyMonitorRequest(
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, -1, COMMITMENT_INDEX),
            Optional.empty(), Optional.empty(), 3L, 4L))),
        Arguments.argumentSet("aci commitment index must be the correct size - too small", createRequestJson(new KeyTransparencyMonitorRequest(
            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, new byte[0]),
@@ -438,12 +438,12 @@ public class KeyTransparencyControllerTest {
                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH, 5, null)),
                3L, 4L))),
-        Arguments.argumentSet("usernameHashPosition must be positive", createRequestJson(
+        Arguments.argumentSet("usernameHashPosition must be non-negative", createRequestJson(
            new KeyTransparencyMonitorRequest(
                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
                Optional.empty(),
                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH,
-                    0, COMMITMENT_INDEX)), 3L, 4L))),
+                    -1, COMMITMENT_INDEX)), 3L, 4L))),
        Arguments.argumentSet("username commitment index must be the correct size - too small", createRequestJson(
            new KeyTransparencyMonitorRequest(
                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, new byte[0]),
@@ -470,10 +470,10 @@ public class KeyTransparencyControllerTest {
                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 5, null)),
                Optional.empty(), 3L, 4L))),
-        Arguments.argumentSet("e164Position must be positive", createRequestJson(new KeyTransparencyMonitorRequest(
+        Arguments.argumentSet("e164Position must be non-negative", createRequestJson(new KeyTransparencyMonitorRequest(
            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
            Optional.of(
-                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 0, COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, -1, COMMITMENT_INDEX)),
            Optional.empty(), 3L, 4L))),
        Arguments.argumentSet("e164 commitment index must be the correct size - too small", createRequestJson(new KeyTransparencyMonitorRequest(
            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),