From 5bd73a2bccb04fb48faec629996b5200761f4511 Mon Sep 17 00:00:00 2001
From: Steve Marion
Date: Wed, 10 May 2023 14:10:54 +0200
Subject: [PATCH] SONAR-19096 add non-null check on the sanitizing of the relative path.
---
 .../api/batch/fs/internal/DefaultIndexedFile.java | 10 +++++++++-
 .../api/batch/fs/internal/DefaultIndexedFileTest.java | 8 ++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
index 2346a8e65d8..11b4814d503 100644
--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
@@ -68,7 +68,7 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
 SensorStrategy sensorStrategy, @Nullable String oldRelativeFilePath) {
 super(batchId);
 this.projectKey = projectKey;
- this.projectRelativePath = PathUtils.sanitize(projectRelativePath);
+ this.projectRelativePath = checkSanitize(projectRelativePath);
 this.moduleRelativePath = PathUtils.sanitize(moduleRelativePath);
 this.type = type;
 this.language = language;
@@ -78,6 +78,14 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
 validateKeyLength();
 }
 
+ static String checkSanitize(String relativePath) {
+ String sanitized = PathUtils.sanitize(relativePath);
+ if(sanitized == null) {
+ throw new IllegalArgumentException(String.format("The path '%s' must sanitize to a non-null value", relativePath));
+ }
+ return sanitized;
+ }
+
 private void validateKeyLength() {
 String key = key();
 if (key.length() > MAX_KEY_LENGTH) {
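Review bot: `moduleRelativePath` on the line after the change still takes the raw result of `PathUtils.sanitize`, so a module-relative path that cannot be normalized would leave that field null while the project-relative one now fails fast. If null is never a legitimate value there, route it through the same guard, `this.moduleRelativePath = checkSanitize(moduleRelativePath);`. If null is legitimate, a one-line comment saying why only the project path is checked would help the next reader. The constructor starts and ends outside this hunk, so whether later code tolerates a null module path cannot be seen from here.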
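Review bot: The exception text in `checkSanitize` reports an implementation detail ("must sanitize to a non-null value") instead of what is wrong with the input, and the helper has no Javadoc saying when `PathUtils.sanitize` yields null. Judging from the accompanying test, that happens for a path that climbs above its base, such as `./../foo/bar`. A wording like `"The path '%s' is not a valid relative path (it could not be normalized)"` tells whoever reads the scanner log what to fix, and it still contains the path the test matches on. A short Javadoc stating that the method returns the sanitized path and throws IllegalArgumentException when sanitizing fails would document the contract. `if(sanitized == null)` also lacks the space after `if` that the neighbouring code uses (`if (key.length() > MAX_KEY_LENGTH)`).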
diff --git a/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java b/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
index 29edc62eaed..cec12d02a93 100644
--- a/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
+++ b/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
@@ -35,4 +35,12 @@ public class DefaultIndexedFileTest {
 .isInstanceOf(IllegalStateException.class)
 .hasMessageEndingWith("length (401) is longer than the maximum authorized (400)");
 }
+
+ @Test
+ public void sanitize_shouldThrow_whenRelativePathIsInvalid() {
+ String invalidPath = "./../foo/bar";
+ Assertions.assertThatThrownBy(() -> DefaultIndexedFile.checkSanitize(invalidPath))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessageContaining(invalidPath);
+ }
 }
-- 2.39.5
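Review bot: The new test calls `DefaultIndexedFile.checkSanitize` directly, so it would still pass if the constructor went back to `PathUtils.sanitize(projectRelativePath)`; nothing here pins the wiring this commit is about. A second case that builds a `DefaultIndexedFile` with `./../foo/bar` as the project-relative path and expects the same IllegalArgumentException would cover it, presumably along the lines of the key-length test whose tail is visible at the top of the hunk. It would also be worth asserting that a well-formed relative path is returned rather than rejected, so the guard is shown not to refuse valid input.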