SONAR-11225 NPE when using RelativePathPredicate with a path starting by ..
authorDuarte Meneses <duarte.meneses@sonarsource.com>
Thu, 10 Jan 2019 14:54:51 +0000 (15:54 +0100)
committerSonarTech <sonartech@sonarsource.com>
Thu, 10 Jan 2019 19:21:03 +0000 (20:21 +0100)
sonar-plugin-api/src/main/java/org/sonar/api/batch/fs/internal/RelativePathPredicate.java
sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/OrPredicateTest.java
sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java [new file with mode: 0644]
sonar-plugin-api/src/test/java/org/sonar/api/utils/PathUtilsTest.java

index 07dc8a06fc0067d18e340b18ed52a21e3e276414..27c2958e4600273ec8b6434cb8c82b5c0a3a1963 100644 (file)
  */
 package org.sonar.api.batch.fs.internal;
 
+import java.util.Collections;
+import javax.annotation.Nullable;
 import org.sonar.api.batch.fs.FileSystem.Index;
 import org.sonar.api.batch.fs.InputFile;
 import org.sonar.api.utils.PathUtils;
 
-import java.util.Arrays;
-import java.util.Collections;
-
 /**
  * @since 4.2
  */
 public class RelativePathPredicate extends AbstractFilePredicate {
 
+  @Nullable
   private final String path;
 
   RelativePathPredicate(String path) {
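Review bot: The `@Nullable` added on `path` carries no comment saying when the field is null, and the class Javadoc still holds only `@since 4.2`. Judging by the commit title and the PathUtils test in this commit, it is presumably null when the constructor's sanitizing step rejects the input (for example a path starting with `..`), but the constructor body is outside this hunk, so confirm. I would add above the field `// null when the given path cannot be normalized (e.g. it starts with ".." and would leave the base directory); such a predicate matches no file`.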
@@ -43,13 +43,22 @@ public class RelativePathPredicate extends AbstractFilePredicate {
 
   @Override
   public boolean apply(InputFile f) {
+    if (path == null) {
+      return false;
+    }
+
     return path.equals(f.relativePath());
   }
 
   @Override
   public Iterable<InputFile> get(Index index) {
-    InputFile f = index.inputFile(this.path);
-    return f != null ? Arrays.asList(f) : Collections.<InputFile>emptyList();
+    if (path != null) {
+      InputFile f = index.inputFile(this.path);
+      if (f != null) {
+        return Collections.singletonList(f);
+      }
+    }
+    return Collections.emptyList();
   }
 
   @Override
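Review bot: The null guards in `apply()` and `get()` make a rejected path silently match nothing, and nothing in the new code records that this is deliberate. Failing closed is a sound default for a path that would climb out of the base directory, but a caller passing such a path gets an empty result with no hint why. A comment on the guard such as `// path was rejected by sanitization: match no file` would state the intent. The class continues past the trailing `@Override` at the end of this hunk, so any other member that returns or dereferences `path` would need the same `@Nullable` handling; that part is not visible here.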
index aa90503553d3d9f8f253f84ef2aaee7887f1938a..2592bee85ab8b7fa289c751ed51c863a1cee5e20 100644 (file)
@@ -33,14 +33,14 @@ public class OrPredicateTest {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
     PathPatternPredicate pathPatternPredicate3 = new PathPatternPredicate(PathPattern.create("foo3/**"));
-    FilePredicate orPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
-      OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate2, pathPatternPredicate3))));
+    FilePredicate orPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
+      OrPredicate.create(Arrays.asList(pathPatternPredicate2, pathPatternPredicate3))));
     assertThat(((OrPredicate) orPredicate).predicates()).containsExactly(pathPatternPredicate1, pathPatternPredicate2, pathPatternPredicate3);
   }
 
   @Test
   public void simplifyOrExpressionsWhenEmpty() {
-    FilePredicate orPredicate = OrPredicate.create(Arrays.<FilePredicate>asList());
+    FilePredicate orPredicate = OrPredicate.create(Arrays.asList());
     assertThat(orPredicate).isEqualTo(TruePredicate.TRUE);
   }
 
@@ -48,7 +48,7 @@ public class OrPredicateTest {
   public void simplifyOrExpressionsWhenFalse() {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
-    FilePredicate andPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
+    FilePredicate andPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
       FalsePredicate.FALSE, pathPatternPredicate2));
     assertThat(((OrPredicate) andPredicate).predicates()).containsExactly(pathPatternPredicate1, pathPatternPredicate2);
   }
@@ -57,7 +57,7 @@ public class OrPredicateTest {
   public void simplifyAndExpressionsWhenTrue() {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
-    FilePredicate andPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
+    FilePredicate andPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
       TruePredicate.TRUE, pathPatternPredicate2));
     assertThat(andPredicate).isEqualTo(TruePredicate.TRUE);
   }
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java
new file mode 100644 (file)
index 0000000..50bcba8
--- /dev/null
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.api.batch.fs.internal;
+
+import org.junit.Test;
+import org.sonar.api.batch.fs.InputFile;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RelativePathPredicateTest {
+  @Test
+  public void returns_false_when_path_is_invalid() {
+    RelativePathPredicate predicate = new RelativePathPredicate("..");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path");
+    assertThat(predicate.apply(inputFile)).isFalse();
+  }
+
+  @Test
+  public void returns_true_if_matches() {
+    RelativePathPredicate predicate = new RelativePathPredicate("path");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path");
+    assertThat(predicate.apply(inputFile)).isTrue();
+  }
+
+  @Test
+  public void returns_false_if_doesnt_match() {
+    RelativePathPredicate predicate = new RelativePathPredicate("path1");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path2");
+    assertThat(predicate.apply(inputFile)).isFalse();
+  }
+}
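Review bot: The new test class exercises only `apply()`, so the null branch this commit adds to `get(Index)` in RelativePathPredicate has no coverage. A case that builds the predicate from `".."` and asserts that `get()` returns an empty iterable would pin the second half of the fix; it needs the `FileSystem.Index` import in the test file. `returns_false_when_path_is_invalid` would also read more clearly with a one-line comment that `".."` is expected to be rejected during construction, since the mocked `relativePath()` of `"path"` would not equal `".."` anyway.

```java
  @Test
  public void get_returns_empty_when_path_is_invalid() {
    RelativePathPredicate predicate = new RelativePathPredicate("..");
    Index index = mock(Index.class);
    assertThat(predicate.get(index)).isEmpty();
  }
```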
index fc0f7a0cb1cb26314c5615c7b4712e901d776bcf..80371dc5aa208e3b0fa811421a5815ee3e3c331a 100644 (file)
@@ -42,14 +42,19 @@ public class PathUtilsTest {
   public TemporaryFolder temp = new TemporaryFolder();
 
   @Test
-  public void testSanitize() throws Exception {
+  public void sanitize_succeeds() {
     assertThat(PathUtils.sanitize("foo/bar/..")).isEqualTo("foo/");
     assertThat(PathUtils.sanitize("C:\\foo\\..\\bar")).isEqualTo("C:/bar");
     assertThat(PathUtils.sanitize(null)).isNull();
   }
 
   @Test
-  public void test_canonicalPath() throws Exception {
+  public void sanitize_invalid_paths_returns_null() {
+    assertThat(PathUtils.sanitize("../foo")).isNull();
+  }
+
+  @Test
+  public void canonicalPath_succeeds() throws Exception {
     File file = temp.newFile();
     String path = PathUtils.canonicalPath(file);
     assertThat(path).isEqualTo(FilenameUtils.separatorsToUnix(file.getCanonicalPath()));
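Review bot: `sanitize_invalid_paths_returns_null` pins only the forward-slash form `../foo`. The test above it shows that `sanitize()` also handles Windows separators, and RelativePathPredicateTest in this commit relies on a bare `..` being rejected. If both are meant to return null, they are worth pinning here with `assertThat(PathUtils.sanitize("..")).isNull();` and `assertThat(PathUtils.sanitize("..\\foo")).isNull();`. The expected values are inferred from the commit's intent, so confirm them against the implementation before adding the assertions.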