From 1346fcb59e5af9c74a0a0cb717d5b5b090b845ce Mon Sep 17 00:00:00 2001
From: Jon Chambers <jon@signal.org>
Date: Tue, 4 Mar 2025 11:20:01 -0500
Subject: [PATCH] Require that incoming messages have content

---
 .../controllers/MessageController.java             |  2 +-
 .../textsecuregcm/entities/IncomingMessage.java    | 10 +++++++---
 .../textsecuregcm/storage/ChangeNumberManager.java | 14 +-------------
 3 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
index 9969bf2e9..0a505ee7e 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@@ -314,7 +314,7 @@ public class MessageController {
       int totalContentLength = 0;
 
       for (final IncomingMessage message : messages.messages()) {
-        final int contentLength = message.content() != null ? message.content().length : 0;
+        final int contentLength = message.content().length;
 
         try {
           MessageSender.validateContentLength(contentLength, false, isSyncMessage, isStory, userAgent);
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java b/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
index f78cdcc37..061dddc97 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
@@ -10,6 +10,8 @@ import com.webauthn4j.converter.jackson.deserializer.json.ByteArrayBase64Deseria
 import io.micrometer.core.instrument.Metrics;
 import jakarta.validation.constraints.AssertTrue;
 import javax.annotation.Nullable;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.identity.ServiceIdentifier;
 import org.whispersystems.textsecuregcm.metrics.MetricsUtil;
@@ -22,6 +24,10 @@ public record IncomingMessage(int type,
                               int destinationRegistrationId,
 
                               @JsonDeserialize(using = ByteArrayBase64Deserializer.class)
+                              @NotNull
+                              // Note that max size is validated elsewhere in the interest of controlling responses and
+                              // reporting additional metrics.
+                              @Size(min = 1)
                               byte[] content) {
 
   private static final String REJECT_INVALID_ENVELOPE_TYPE_COUNTER_NAME =
@@ -57,9 +63,7 @@ public record IncomingMessage(int type,
       envelopeBuilder.setReportSpamToken(ByteString.copyFrom(reportSpamToken));
     }
 
-    if (content() != null && content().length > 0) {
-      envelopeBuilder.setContent(ByteString.copyFrom(content()));
-    }
+    envelopeBuilder.setContent(ByteString.copyFrom(content()));
 
     return envelopeBuilder.build();
   }
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/storage/ChangeNumberManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/storage/ChangeNumberManager.java
index 9a0e4e5a7..b70d9eb1e 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/storage/ChangeNumberManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/storage/ChangeNumberManager.java
@@ -5,10 +5,8 @@
 package org.whispersystems.textsecuregcm.storage;
 
 import com.google.protobuf.ByteString;
-import java.util.Base64;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
@@ -117,13 +115,12 @@ public class ChangeNumberManager {
       final long serverTimestamp = System.currentTimeMillis();
 
       messageSender.sendMessages(account, deviceMessages.stream()
-          .filter(message -> getMessageContent(message).isPresent())
           .collect(Collectors.toMap(IncomingMessage::destinationDeviceId, message -> Envelope.newBuilder()
               .setType(Envelope.Type.forNumber(message.type()))
               .setClientTimestamp(serverTimestamp)
               .setServerTimestamp(serverTimestamp)
               .setDestinationServiceId(new AciServiceIdentifier(account.getUuid()).toServiceIdentifierString())
-              .setContent(ByteString.copyFrom(getMessageContent(message).orElseThrow()))
+              .setContent(ByteString.copyFrom(message.content()))
               .setSourceServiceId(new AciServiceIdentifier(account.getUuid()).toServiceIdentifierString())
               .setSourceDevice(Device.PRIMARY_ID)
               .setUpdatedPni(account.getPhoneNumberIdentifier().toString())
@@ -135,13 +132,4 @@ public class ChangeNumberManager {
       throw e;
     }
   }
-
-  private static Optional<byte[]> getMessageContent(final IncomingMessage message) {
-    if (message.content() == null || message.content().length == 0) {
-      logger.warn("Message has no content");
-      return Optional.empty();
-    }
-
-    return Optional.of(message.content());
-  }
 }