From: Pierre <pierre.guillot@sonarsource.com>
Date: Tue, 9 Aug 2022 15:11:04 +0000 (+0200)
Subject: SONAR-17150 fix SSF-39
X-Git-Tag: 9.7.0.61563~382
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e8a41295412ae3cf2e8fe529866592bd797746c7;p=sonarqube.git

SONAR-17150 fix SSF-39
---

diff --git a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
index 4e3d6eeb994..13eca84d684 100644
--- a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
+++ b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
@@ -31,13 +31,15 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.function.Function;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import static java.lang.String.format;
 
 public class OAuthRestClient {
 
-  public static final String REL_NEXT = "rel=\"next\"";
   private static final int DEFAULT_PAGE_SIZE = 100;
+  private static final Pattern NEXT_LINK_PATTERN = Pattern.compile("<([^<]+)>; rel=\"next\"");
 
   private OAuthRestClient() {
     // Only static method
@@ -85,24 +87,16 @@ public class OAuthRestClient {
   }
 
   private static Optional<String> readNextEndPoint(Response response) {
-    Optional<String> linksHeader = response.getHeaders().entrySet().stream()
+    String link = response.getHeaders().entrySet().stream()
       .filter(e -> "Link".equalsIgnoreCase(e.getKey()))
       .map(Map.Entry::getValue)
-      .findAny();
+      .findAny().orElse("");
 
-    if (linksHeader.isEmpty()) {
+    Matcher nextLinkMatcher = NEXT_LINK_PATTERN.matcher(link);
+    if (!nextLinkMatcher.find()) {
       return Optional.empty();
     }
-
-    String[] links = linksHeader.get().split(",");
-    for (String link : links) {
-      String trimmedLink = link.trim();
-      if (trimmedLink.contains(REL_NEXT) && trimmedLink.contains("<") && trimmedLink.contains(">")) {
-        String nextUrl = trimmedLink.substring(trimmedLink.indexOf("<") + 1, trimmedLink.indexOf(">"));
-        return Optional.of(nextUrl);
-      }
-    }
-    return Optional.empty();
+    return Optional.of(nextLinkMatcher.group(1));
   }
 
   private static IllegalStateException unexpectedResponseCode(String requestUrl, Response response) throws IOException {