Add new demo file #361
Add new demo file #361
Conversation
| } | ||
|
|
||
| public static AmazonS3 getS3Client() { | ||
| return AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build(); |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code is written so that the client cannot be reused across invocations of the Lambda function.
To improve the performance of the Lambda function, consider using static initialization/constructor, global/static variables and singletons. It allows to keep alive and reuse HTTP connections that were established during a previous invocation.
Learn more about best practices for working with AWS Lambda functions.
| } | ||
|
|
||
| public static AmazonS3 getS3Client() { | ||
| return AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build(); |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Problem: The AWS region value is hardcoded in the code while calling AWS resources. The code will require refactoring, while expanding to other AWS regions.
Solution: The AWS region can be automatically determined by the client/client builder.The following link contains sample code snippets, on how to avoid AWS region hardcoding.
| final AmazonS3 s3Client = EventHandler.getS3Client(); | ||
| logger.log("Processing Bucket: " + bucketName); | ||
|
|
||
| ObjectListing files = s3Client.listObjects(bucketName); |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code might not produce accurate results if the operation returns paginated results instead of all results. Consider adding another call to check for additional results.
| final AmazonS3 s3Client = EventHandler.getS3Client(); | ||
| logger.log("Processing Bucket: " + bucketName); | ||
|
|
||
| ObjectListing files = s3Client.listObjects(bucketName); |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code uses an outdated API. ListObjectsV2 is the revised List Objects API, and we recommend you use this revised API for new application developments.
|
|
||
| long expirationTime = System.currentTimeMillis() + Duration.ofMinutes(1).toMillis(); | ||
| while(System.currentTimeMillis() < expirationTime) { | ||
| if (s3Client.doesObjectExist(Constants.SUMMARY_BUCKET, summaryUpdateName)) { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
This code appears to be waiting for a resource before it runs. You could use the waiters feature to help improve efficiency. Consider using ObjectExists or ObjectNotExists. For more information, see https://aws.amazon.com/blogs/developer/waiters-in-the-aws-sdk-for-java/
| try { | ||
| processShipmentUpdates(logger); | ||
| return "SUCCESS"; | ||
| } catch (final Exception ex) { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
It appears that your code handles a broad swath of exceptions in the catch block, potentially trapping dissimilar issues or problems that should not be dealt with at this point in the program.
| try { | ||
| processShipmentUpdates(logger); | ||
| return "SUCCESS"; | ||
| } catch (final Exception ex) { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Problem: While re-throwing the caught exception with modifications , information about the caught exception is being lost, including information about the stack trace of the exception.
Fix: If the caught exception object does not contain sensitive information, consider passing it as the "rootCause" or inner exception parameter to the constructor of the new exception before throwing the new exception. (Note that not all exception constructors support inner exceptions. Use a wrapper exception that supports inner exceptions.)
Learn more
Suggested remediation:
Consider passing the exception object either as "rootCause" or as an inner exception parameter, to the constructor of the new exception before throwing new exception. This will help keep stack trace.
@@ -55,3 +55,3 @@
logger.log(String.format("Failed to process shipment Updates in %s due to %s", scheduledEvent.getAccount(), ex.getMessage()));
- throw new RuntimeException("Hiding the exception");
+ throw new RuntimeException("Hiding the exception", ex);
}
| } | ||
|
|
||
| public String weakMessageEncryption(String message, String key) throws Exception { | ||
| Cipher cipher = Cipher.getInstance("RSA"); |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
It looks like your code uses a cipher object with an insecure transformation. To make your code more secure, use one of the following algorithms with a built-in integrity check: AES/GCM/NoPadding or ChaCha20-Poly1305.
| } | ||
| } | ||
|
|
||
| public String weakMessageEncryption(String message, String key) throws Exception { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Methods are throwing general exception, instead try and throw specific exception for proper and easy error handling.
| } | ||
|
|
||
| public ShopifyShop connectToShopify(String subdomain) { | ||
| final String token = "shpss_sdkfhkjh134134141341344133412312345678"; |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
It appears your code contains a hardcoded Shopify Shared Secret. Hardcoded secrets can allow attackers to bypass authentication methods and perform malicious actions. Possible remediation approaches are:
1. Manage secret data using environment variables:
a. Identify the secret data and store that data in environment variables on your local and production server. The setting process may vary depending on your OS and environment.
b. Replace hard-coded secrets with references to environment variables, e.g., `password = os.environ.get('PASSWORD')`.
2. Use AWS Secrets Manager to store, rotate, monitor, and control access to secrets. To retrieve secrets, you can replace hardcoded secrets in applications with a call to Secrets Manager APIs. To use Secrets Manager:
a. Visit [Secrets Manager](https://aws.amazon.com/secrets-manager/) on the AWS Management Console.
b. Choose the secret type on the console page and follow the instructions.
c. Use the code samples suggested in the console to retrieve the secret in your application.
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.