Core: Catch IAE when decoding JWT #13192

Merged
merged 2 commits into from
Jun 3, 2025

nika-qubit
Contributor

Fixed an unintentional crash with IllegalArgumentException when attempting to extract the expiration time from an arbitrary Bearer token that looks like a JWT in OAuth2Util.

Without the change, for the newly added test:
image

To run the test, ./gradlew :iceberg-core:test --tests org.apache.iceberg.rest.auth.TestOAuth2Util.

@github-actions github-actions bot added the core label May 30, 2025
…expiration time from arbitrary Bearer token that looks like jwt.
@nika-qubit nika-qubit marked this pull request as ready for review May 31, 2025 19:55
@@ -73,6 +73,10 @@ public void testOAuthScopeTokenValidation() {
public void testExpiresAt() {
assertThat(OAuth2Util.expiresAtMillis(null)).isNull();
assertThat(OAuth2Util.expiresAtMillis("not a token")).isNull();
assertThat(
OAuth2Util.expiresAtMillis(
"a.b.c token looks like jwt but not jwt and too short per section"))
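Review bot: the added assertion covers only one malformed shape, a three-part token whose middle segment ("b") is too short to Base64-decode, and the trailing prose in the input string hides that this is the property under test. Consider a minimal input plus, if it is not already covered elsewhere in testExpiresAt, a sibling case whose middle segment decodes as Base64 but is not JSON, so the test pins expiresAtMillis to null for each malformed shape and not only the one that raises IllegalArgumentException.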
Contributor

can you just update this to a.b.c?

Contributor Author

Yes, of course! Thanks.

Contributor

@nastra nastra left a comment

LGTM, once the test is slightly updated

@nastra nastra changed the title Fixed OAuth2Util Core: Catch IAE when decoding JWT Jun 2, 2025
@nika-qubit nika-qubit requested a review from nastra June 2, 2025 18:39
Contributor

@singhpk234 singhpk234 left a comment

LGTM !

I realized there was one more PR open for this fix a month ago: https://github.com/apache/iceberg/pull/12955/files

@nastra nastra merged commit 73758ed into apache:main Jun 3, 2025
42 checks passed
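
The failure mode this PR addresses, as an added example that is not Iceberg's code: a bearer token with three dot-separated parts is not necessarily a JWT, and Java's Base64 decoder throws IllegalArgumentException when the payload segment is not valid Base64url. The class and method names are hypothetical, and the regex is a simplification standing in for a JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerExpiry {
  // Simplification for a self-contained example: real code would parse the payload as JSON.
  // At most 15 digits, so seconds * 1000 cannot overflow a long.
  private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d{1,15})(?!\\d)");

  /** Hypothetical helper: exp claim in milliseconds, or null if the token is not a decodable JWT. */
  static Long expMillisOrNull(String token) {
    if (token == null) {
      return null;
    }
    String[] parts = token.split("\\.", -1);
    if (parts.length != 3) {
      return null; // opaque token: no header.payload.signature shape
    }
    byte[] payload;
    try {
      payload = Base64.getUrlDecoder().decode(parts[1]);
    } catch (IllegalArgumentException e) {
      return null; // looks like a JWT, but the payload segment is not Base64url
    }
    Matcher m = EXP.matcher(new String(payload, StandardCharsets.UTF_8));
    return m.find() ? Long.parseLong(m.group(1)) * 1000L : null;
  }

  public static void main(String[] args) {
    // Constructed sample: payload {"sub":"demo","exp":1700000000}, placeholder header and signature.
    String payload = Base64.getUrlEncoder().withoutPadding()
        .encodeToString("{\"sub\":\"demo\",\"exp\":1700000000}".getBytes(StandardCharsets.UTF_8));
    String[] samples = {null, "not a token", "a.b.c", "e30." + payload + ".sig"};
    for (String s : samples) {
      System.out.println(s + " -> " + expMillisOrNull(s));
    }
  }
}
```

Returning null for an undecodable token treats it as opaque with an unknown expiry, so an unexpected token format cannot turn into an unhandled exception in the client's auth path.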
3 participants