SONAR-15143 - Escape quotes in audits new_value
authorBelen Pruvost <belen.pruvost@sonarsource.com>
Mon, 30 Aug 2021 17:10:49 +0000 (19:10 +0200)
committersonartech <sonartech@sonarsource.com>
Tue, 31 Aug 2021 20:07:03 +0000 (20:07 +0000)
server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/NewValue.java
server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/ComponentNewValueTest.java

index 629f1d7c06b67106ed1d560fee3dba0f9338db03..395f995ff01871a0220cd725e056e1c757ef1317 100644 (file)
@@ -33,6 +33,9 @@ public abstract class NewValue {
     if (!isNullOrEmpty(value)) {
       sb.append(field);
       addQuote(sb, isString);
+      if (value.contains("\"")) {
+        value = value.replace("\"", "\\\"");
+      }
       sb.append(value);
       addQuote(sb, isString);
       sb.append(", ");
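Review bot: The escaping added before `sb.append(value)` handles only `"` and leaves backslashes untouched, so a value that ends in `\` or already contains `\"` still yields a quoted field whose closing quote is escaped or whose content terminates early. For an audit record this is an integrity problem, because a user-supplied name can change how the rest of the entry is read. Escape the backslash first and drop the redundant `contains` guard: `value = value.replace("\\", "\\\\").replace("\"", "\\\"");`. Newlines and other control characters are also passed through unchanged; if the output is meant to be JSON (inferred from the format the test expects), building it with a JSON writer would cover all of these cases. The enclosing method starts and ends outside the hunk, and the updated test in ComponentNewValueTest exercises only the quote case, so a backslash case is worth adding there.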
index 1bebbaab39e6814e325297a54473f1e305581d21..dad53291f2360b552709968922c87b1c1f34150a 100644 (file)
@@ -47,13 +47,13 @@ public class ComponentNewValueTest {
   }
 
   @Test
-  public void toString_project_uuid_and_name_and_isPrivate() {
-    ComponentNewValue newValue = new ComponentNewValue("uuid", "name", "key", true,"TRK");
+  public void toString_project_uuid_and_name_and_isPrivate_withEscapedQuotes() {
+    ComponentNewValue newValue = new ComponentNewValue("uuid", "the \"best\" name", "key", true,"TRK");
 
     assertThat(newValue.toString())
       .contains("\"componentUuid\": \"uuid\"")
       .contains("\"componentKey\": \"key\"")
-      .contains("\"componentName\": \"name\"")
+      .contains("\"componentName\": \"the \\\"best\\\" name\"")
       .contains("\"qualifier\": \"project\"")
       .contains("\"isPrivate\": true");
   }