From: Pierre <pierre.guillot@sonarsource.com>
Date: Fri, 5 Aug 2022 08:21:39 +0000 (+0200)
Subject: SONAR-17150 fix SSF-39
X-Git-Tag: 9.6.0.59041~82
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=91196c9868fef1c043a419c92714f96981a50402;p=sonarqube.git

SONAR-17150 fix SSF-39
---

diff --git a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
index a200c4e147f..4e3d6eeb994 100644
--- a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
+++ b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
@@ -31,15 +31,13 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.function.Function;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 import static java.lang.String.format;
 
 public class OAuthRestClient {
 
+  public static final String REL_NEXT = "rel=\"next\"";
   private static final int DEFAULT_PAGE_SIZE = 100;
-  private static final Pattern NEXT_LINK_PATTERN = Pattern.compile(".*<(.*)>; rel=\"next\"");
 
   private OAuthRestClient() {
     // Only static method
@@ -87,18 +85,24 @@ public class OAuthRestClient {
   }
 
   private static Optional<String> readNextEndPoint(Response response) {
-    Optional<String> link = response.getHeaders().entrySet().stream()
+    Optional<String> linksHeader = response.getHeaders().entrySet().stream()
       .filter(e -> "Link".equalsIgnoreCase(e.getKey()))
       .map(Map.Entry::getValue)
       .findAny();
-    if (link.isEmpty() || link.get().isEmpty() || !link.get().contains("rel=\"next\"")) {
+
+    if (linksHeader.isEmpty()) {
       return Optional.empty();
     }
-    Matcher nextLinkMatcher = NEXT_LINK_PATTERN.matcher(link.get());
-    if (!nextLinkMatcher.find()) {
-      return Optional.empty();
+
+    String[] links = linksHeader.get().split(",");
+    for (String link : links) {
+      String trimmedLink = link.trim();
+      if (trimmedLink.contains(REL_NEXT) && trimmedLink.contains("<") && trimmedLink.contains(">")) {
+        String nextUrl = trimmedLink.substring(trimmedLink.indexOf("<") + 1, trimmedLink.indexOf(">"));
+        return Optional.of(nextUrl);
+      }
     }
-    return Optional.of(nextLinkMatcher.group(1));
+    return Optional.empty();
   }
 
   private static IllegalStateException unexpectedResponseCode(String requestUrl, Response response) throws IOException {