SONAR-19096 add non-null check on the sanitizing of the relative path.
authorSteve Marion <unknown>
Wed, 10 May 2023 12:10:54 +0000 (14:10 +0200)
committersonartech <sonartech@sonarsource.com>
Fri, 12 May 2023 20:02:41 +0000 (20:02 +0000)
sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java

index 2346a8e65d8674c209e7a83ee68037645f916b66..11b4814d503454813bd32cc0444159d560087c01 100644 (file)
@@ -68,7 +68,7 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
     SensorStrategy sensorStrategy, @Nullable String oldRelativeFilePath) {
     super(batchId);
     this.projectKey = projectKey;
-    this.projectRelativePath = PathUtils.sanitize(projectRelativePath);
+    this.projectRelativePath = checkSanitize(projectRelativePath);
     this.moduleRelativePath = PathUtils.sanitize(moduleRelativePath);
     this.type = type;
     this.language = language;
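Review bot: `moduleRelativePath`, on the line directly after the changed one, is still assigned from `PathUtils.sanitize(moduleRelativePath)` with no null check. The test in this commit shows that `./../foo/bar` sanitizes to null, so a module-relative path of that shape would presumably still be stored as null and only fail later, away from the cause. Unless a null module path is deliberately allowed, route it through the same helper: `this.moduleRelativePath = checkSanitize(moduleRelativePath);`. The constructor starts and ends outside this hunk, so a later guard may exist that is not visible here.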
@@ -78,6 +78,14 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
     validateKeyLength();
   }
 
+  static String checkSanitize(String relativePath) {
+    String sanitized = PathUtils.sanitize(relativePath);
+    if(sanitized == null) {
+      throw new IllegalArgumentException(String.format("The path '%s' must sanitize to a non-null value", relativePath));
+    }
+    return sanitized;
+  }
+
   private void validateKeyLength() {
     String key = key();
     if (key.length() > MAX_KEY_LENGTH) {
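Review bot: The exception message in `checkSanitize` describes the implementation ("must sanitize to a non-null value") rather than what is wrong with the input, which does not help whoever has to fix the path. Judging only by the test input, a null result seems to mean the path climbs above its base directory; if so, a message such as `"The path '%s' is invalid: it must not resolve outside its base directory"` still contains the path and names the cause. The helper also has no Javadoc: add a short one saying it wraps `PathUtils.sanitize` and throws `IllegalArgumentException` when the result is null, so callers know the return value is never null. On style, `if(sanitized == null)` should be `if (sanitized == null)` to match the spacing used in `validateKeyLength`, whose body continues outside this hunk.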
index 29edc62eaedc160f921c90c08534d0147600a205..cec12d02a93b4b15bdc75ac4ab0680a7cbd23db9 100644 (file)
@@ -35,4 +35,12 @@ public class DefaultIndexedFileTest {
       .isInstanceOf(IllegalStateException.class)
       .hasMessageEndingWith("length (401) is longer than the maximum authorized (400)");
   }
+
+  @Test
+  public void sanitize_shouldThrow_whenRelativePathIsInvalid() {
+    String invalidPath = "./../foo/bar";
+    Assertions.assertThatThrownBy(() -> DefaultIndexedFile.checkSanitize(invalidPath))
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessageContaining(invalidPath);
+  }
 }
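Review bot: The new test calls `DefaultIndexedFile.checkSanitize` directly, so nothing verifies that the constructor actually rejects such a path. A later refactor could drop the call from the constructor without any test failing. Add a case that builds a `DefaultIndexedFile` with `./../foo/bar` as the project-relative path and expects the same `IllegalArgumentException`, and a positive case asserting that a well-formed relative path is returned rather than rejected. The test name starts with `sanitize_` while the method under test is `checkSanitize`; renaming it to `checkSanitize_shouldThrow_whenRelativePathIsInvalid` would make failures easier to trace.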