From 7248ea81e7ae41c3d386c424c946a7499eb9acd4 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Thu, 1 Dec 2016 14:09:58 +0100 Subject: [PATCH] SONAR-8462 WS api/rules/repositories does not escape the parameter "q" --- .../server/rule/ws/RepositoriesAction.java | 2 +- .../rule/ws/RepositoriesActionTest.java | 25 ++++++++++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java index ac06c0aea8b..4aec9bb14e0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java @@ -84,7 +84,7 @@ public class RepositoriesAction implements RulesWsAction { } private Collection listMatchingRepositories(@Nullable String query, @Nullable String languageKey, int pageSize) { - Pattern pattern = Pattern.compile(query == null ? MATCH_ALL : MATCH_ALL + query + MATCH_ALL, Pattern.CASE_INSENSITIVE); + Pattern pattern = Pattern.compile(query == null ? MATCH_ALL : MATCH_ALL + Pattern.quote(query) + MATCH_ALL, Pattern.CASE_INSENSITIVE); SortedMap reposByName = Maps.newTreeMap(); Collection repos = listRepositories(languageKey); diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java index 34d9fd65dd1..ee4aad71f38 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java @@ -35,6 +35,7 @@ import static org.mockito.Mockito.when; @RunWith(MockitoJUnitRunner.class) public class RepositoriesActionTest { + private static final String EMPTY_JSON_RESPONSE = "{\"repositories\":[]}"; private WsTester tester; @Mock 
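Review bot: In `listMatchingRepositories` (RepositoriesAction.java) the `Pattern.compile(...)` line now wraps `query` in `Pattern.quote`, but nothing on the line says why, so a later cleanup could drop the call without noticing it is a security control. `q` is a request parameter, and unquoted it lets the caller supply regex syntax: a malformed pattern fails the request and an expensive one costs matcher CPU. I would add a comment above the line, for example `// "q" is user input: quote it so it is matched as literal text, never compiled as regex syntax`. Because the query is now a plain literal, a case-insensitive substring test would do the same job without compiling a pattern per request, though that is optional. The method body continues outside the hunk, so how `pattern` is applied to repository keys and names is not visible here.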
@@ -65,18 +66,36 @@ public class RepositoriesActionTest { } @Test - public void should_list_repositories() throws Exception { + public void list_repositories() throws Exception { tester = new WsTester(new RulesWs(new RepositoriesAction(repositories))); newRequest().execute().assertJson(this.getClass(), "repositories.json"); newRequest().setParam("language", "xoo").execute().assertJson(this.getClass(), "repositories_xoo.json"); newRequest().setParam("language", "ws").execute().assertJson(this.getClass(), "repositories_ws.json"); + newRequest().setParam("ps", "4").execute().assertJson(this.getClass(), "repositories.json"); + newRequest().setParam("ps", "100").execute().assertJson(this.getClass(), "repositories.json"); + } + + @Test + public void filter_repositories_by_name() throws Exception { + tester = new WsTester(new RulesWs(new RepositoriesAction(repositories))); + newRequest().setParam("q", "common").execute().assertJson(this.getClass(), "repositories_common.json"); newRequest().setParam("q", "squid").execute().assertJson(this.getClass(), "repositories_squid.json"); newRequest().setParam("q", "sonar").execute().assertJson(this.getClass(), "repositories_sonar.json"); newRequest().setParam("q", "sonar").setParam("ps", "2").execute().assertJson(this.getClass(), "repositories_limited.json"); - newRequest().setParam("ps", "4").execute().assertJson(this.getClass(), "repositories.json"); - newRequest().setParam("ps", "100").execute().assertJson(this.getClass(), "repositories.json"); + } + + @Test + public void do_not_consider_query_as_regexp_when_filtering_repositories_by_name() throws Exception { + tester = new WsTester(new RulesWs(new RepositoriesAction(repositories))); + + // invalid regexp : do not fail. Query is not a regexp. 
+ newRequest().setParam("q", "[").execute().assertJson(EMPTY_JSON_RESPONSE); + + // this is not the "match all" regexp + newRequest().setParam("q", ".*").execute().assertJson(EMPTY_JSON_RESPONSE); + } protected TestRequest newRequest() { -- 2.39.5
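Review bot: The new test `do_not_consider_query_as_regexp_when_filtering_repositories_by_name` only asserts empty results, so it would still pass if filtering returned nothing for every query that contains a metacharacter. A positive case is missing: a query with a metacharacter that occurs literally in a repository key or name should return that repository. The repository fixture is set up outside the hunk, so it may need one entry with such a name. I would also pin the quote-terminator case so that replacing `Pattern.quote` with a hand-written `\Q…\E` wrapper is caught, e.g. `newRequest().setParam("q", "\\E.*").execute().assertJson(EMPTY_JSON_RESPONSE);`, assuming no fixture repository contains that text.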