SONAR-19014 Don't rely on plugin APIs list of static resources
authorDuarte Meneses <duarte.meneses@sonarsource.com>
Tue, 2 May 2023 18:44:15 +0000 (13:44 -0500)
committersonartech <sonartech@sonarsource.com>
Wed, 3 May 2023 20:02:58 +0000 (20:02 +0000)
server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java
server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java
server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java
server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java
sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java [new file with mode: 0644]
sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java [new file with mode: 0644]

index d551292c3b08a3b2ffbc460af2fd0ed64a5cbcd8..49d3906e2a52856b866e49036a6f81dcb2ab9f00 100644 (file)
@@ -22,6 +22,7 @@ package org.sonar.server.authentication;
 import java.io.IOException;
 import java.util.Set;
 import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.api.server.http.HttpResponse;
 import org.sonar.api.web.FilterChain;
@@ -29,7 +30,6 @@ import org.sonar.api.web.HttpFilter;
 import org.sonar.api.web.UrlPattern;
 import org.sonar.server.user.ThreadLocalUserSession;
 
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
 import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
 
 public class DefaultAdminCredentialsVerifierFilter extends HttpFilter {
@@ -58,7 +58,7 @@ public class DefaultAdminCredentialsVerifierFilter extends HttpFilter {
   public UrlPattern doGetPattern() {
     return UrlPattern.builder()
       .includes("/*")
-      .excludes(staticResourcePatterns())
+      .excludes(StaticResources.patterns())
       .excludes(SKIPPED_URLS)
       .build();
   }
index 68f494d988dee69b955c45cfdfdeb3ba8a89e093..0b254491779db1ddfb01a2c98666cf928e44474e 100644 (file)
@@ -21,6 +21,7 @@ package org.sonar.server.authentication;
 
 import java.io.IOException;
 import java.util.Set;
+import org.sonar.api.impl.ws.StaticResources;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.api.server.http.HttpResponse;
 import org.sonar.api.web.FilterChain;
@@ -28,7 +29,6 @@ import org.sonar.api.web.HttpFilter;
 import org.sonar.api.web.UrlPattern;
 import org.sonar.server.user.ThreadLocalUserSession;
 
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
 import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
 
 public class ResetPasswordFilter extends HttpFilter {
@@ -48,7 +48,7 @@ public class ResetPasswordFilter extends HttpFilter {
   public UrlPattern doGetPattern() {
     return UrlPattern.builder()
       .includes("/*")
-      .excludes(staticResourcePatterns())
+      .excludes(StaticResources.patterns())
       .excludes(SKIPPED_URLS)
       .build();
   }
index 8a809380a131c9e20a951e761fc4b1cc9b21ce4e..ab36616e010128e74645265a6ac5ced90a2dc48d 100644 (file)
@@ -22,6 +22,7 @@ package org.sonar.server.authentication;
 import java.util.Optional;
 import java.util.Set;
 import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
 import org.sonar.api.server.ServerSide;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.api.server.http.HttpResponse;
@@ -39,7 +40,6 @@ import static org.apache.commons.lang.StringUtils.defaultString;
 import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
 import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
 import static org.sonar.api.utils.DateUtils.formatDateTime;
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
 import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError;
 
 @ServerSide
@@ -75,7 +75,7 @@ public class UserSessionInitializer {
 
   private static final UrlPattern URL_PATTERN = UrlPattern.builder()
     .includes("/*")
-    .excludes(staticResourcePatterns())
+    .excludes(StaticResources.patterns())
     .excludes(SKIPPED_URLS)
     .build();
 
@@ -83,7 +83,6 @@ public class UserSessionInitializer {
     .includes(URL_USING_PASSCODE)
     .build();
 
-
   private final Configuration config;
   private final ThreadLocalUserSession threadLocalSession;
   private final AuthenticationEvent authenticationEvent;
index 8d7470f2a36566a2452ed09a7b7ddc1b46fe7e05..8b6252043186dfcd3d8722e8d07c3dc9c2b1393d 100644 (file)
@@ -22,6 +22,7 @@ package org.sonar.server.plugins;
 import java.io.IOException;
 import java.util.Set;
 import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.api.server.http.HttpResponse;
 import org.sonar.api.web.FilterChain;
@@ -30,7 +31,6 @@ import org.sonar.api.web.UrlPattern;
 import org.sonar.core.extension.PluginRiskConsent;
 import org.sonar.server.user.ThreadLocalUserSession;
 
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
 import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
 import static org.sonar.core.extension.PluginRiskConsent.NOT_ACCEPTED;
 import static org.sonar.core.extension.PluginRiskConsent.REQUIRED;
@@ -74,7 +74,7 @@ public class PluginsRiskConsentFilter extends HttpFilter {
   public UrlPattern doGetPattern() {
     return UrlPattern.builder()
       .includes("/*")
-      .excludes(staticResourcePatterns())
+      .excludes(StaticResources.patterns())
       .excludes(SKIPPED_URLS)
       .build();
   }
index 5e32a354f146149ebe19ef1184b8fafe9ef0c2dc..39921faf72429c71d8c7d21db69e229e50d46d4d 100644 (file)
@@ -36,7 +36,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Locale.ENGLISH;
 import static java.util.Objects.requireNonNull;
 import static org.apache.commons.io.IOUtils.write;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.impl.ws.StaticResources.patterns;
 import static org.sonarqube.ws.MediaTypes.HTML;
 
 /**
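Review bot: The static import of `patterns` on the new import line leaves `.excludes(patterns())` in the `URL_PATTERN` hunk below with no hint of where the list comes from, while the other four filters in this commit call `StaticResources.patterns()` explicitly. I would import the class instead, `import org.sonar.api.impl.ws.StaticResources;`, and write `.excludes(StaticResources.patterns())` so the exclusion reads the same in every filter. Separately, the constructor hunk further down joins `@VisibleForTesting` onto the signature line, which looks like a formatter accident; keeping the annotation on its own line matches the previous layout.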
@@ -50,7 +50,7 @@ public class WebPagesFilter implements Filter {
 
   private static final ServletFilter.UrlPattern URL_PATTERN = ServletFilter.UrlPattern
     .builder()
-    .excludes(staticResourcePatterns())
+    .excludes(patterns())
     .excludes("/api/v2/*")
     .build();
 
@@ -60,8 +60,7 @@ public class WebPagesFilter implements Filter {
     this(PlatformImpl.getInstance().getContainer().getComponentByType(WebPagesCache.class));
   }
 
-  @VisibleForTesting
-  WebPagesFilter(WebPagesCache webPagesCache) {
+  @VisibleForTesting WebPagesFilter(WebPagesCache webPagesCache) {
     this.webPagesCache = webPagesCache;
   }
 
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java
new file mode 100644 (file)
index 0000000..30c9825
--- /dev/null
@@ -0,0 +1,37 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.api.impl.ws;
+
+import java.util.Collection;
+import java.util.List;
+
+public class StaticResources {
+  private static final Collection<String> STATIC_RESOURCES = List.of("*.css", "*.css.map", "*.ico", "*.png",
+    "*.jpg", "*.jpeg", "*.gif", "*.svg", "*.js", "*.js.map", "*.pdf", "/json/*", "*.woff2", "/static/*",
+    "/robots.txt", "/favicon.ico", "/apple-touch-icon*", "/mstile*");
+
+  private StaticResources() {
+    // only static
+  }
+
+  public static Collection<String> patterns() {
+    return STATIC_RESOURCES;
+  }
+}
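Review bot: `StaticResources` has no Javadoc, yet this commit makes its list the exclusion set for `UserSessionInitializer`, `ResetPasswordFilter`, `DefaultAdminCredentialsVerifierFilter` and `PluginsRiskConsentFilter`, so each entry decides which requests skip those checks. A class comment should say so, for example `/** URL patterns served as static resources. Authentication-related filters exclude these patterns, so adding an entry widens what is reachable without those checks. */`. Entries such as `*.js`, `*.pdf` and `/json/*` look like suffix or prefix wildcards. If `UrlPattern` matches them against the whole request path (its matching logic is not visible here), the comment should also state that no dynamic route may end in one of these suffixes.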
diff --git a/sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java b/sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java
new file mode 100644 (file)
index 0000000..5a9e483
--- /dev/null
@@ -0,0 +1,31 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.api.impl.ws;
+
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class StaticResourcesTest {
+  @Test
+  public void patterns_shouldNotBeEmpty() {
+    assertThat(StaticResources.patterns()).isNotEmpty();
+  }
+}
\ No newline at end of file
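Review bot: `patterns_shouldNotBeEmpty` passes for any non-empty list, so a pattern added or dropped by mistake would not fail the build, even though the filters in this commit use the list to decide which URLs skip authentication-related checks. Pinning the contents is cheap: `assertThat(StaticResources.patterns()).containsExactlyInAnyOrder(...)` with the patterns from `STATIC_RESOURCES` spelled out in the test. An extra assertion that the returned collection rejects `add` would also document that callers cannot mutate the shared list.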