From 9b55dfb4c834e56c248c4fd4e62e3347553f08f3 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 1 Dec 2016 14:09:58 +0100
Subject: [PATCH] SONAR-8462 escape param "q" in WS api/rules/repositories"
---
 .../server/rule/ws/RepositoriesAction.java | 2 +-
 .../rule/ws/RepositoriesActionTest.java | 23 +++++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java
index e21a44b874a..2a5106c9130 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RepositoriesAction.java
@@ -84,7 +84,7 @@ public class RepositoriesAction implements RulesWsAction {
 }
 private Collection listMatchingRepositories(@Nullable String query, @Nullable String languageKey) {
- Pattern pattern = Pattern.compile(query == null ? MATCH_ALL : MATCH_ALL + query + MATCH_ALL, Pattern.CASE_INSENSITIVE);
+ Pattern pattern = Pattern.compile(query == null ? MATCH_ALL : MATCH_ALL + Pattern.quote(query) + MATCH_ALL, Pattern.CASE_INSENSITIVE);
 return selectFromDb(languageKey).stream() .filter(r -> pattern.matcher(r.getKey()).matches() || pattern.matcher(r.getName()).matches())
diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java
index d73535d881b..2eb759c4b67 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/RepositoriesActionTest.java
@@ -33,6 +33,7 @@ import static java.util.Arrays.asList;
 public class RepositoriesActionTest {
+ private static final String EMPTY_JSON_RESPONSE = "{\"repositories\":[]}";
 private WsTester wsTester;
 @Rule
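Review bot: Nothing on the new `Pattern.compile` line in `RepositoriesAction.listMatchingRepositories` records why `query` is quoted, so a later clean-up could drop `Pattern.quote` and let the request parameter `q` be compiled as a regular expression again (a failure on input such as `[`, or a pattern whose cost the caller chooses). I would put a comment above it, e.g. `// "q" is request input: match it as a literal substring, never as a regexp`. Now that the match is a plain case-insensitive substring test, note that `Pattern.CASE_INSENSITIVE` on its own folds only ASCII letters; `Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE` would cover repository names with non-ASCII characters, if those can occur. The method body continues past the end of the hunk.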
@@ -40,11 +41,6 @@ public class RepositoriesActionTest {
 @Before
 public void setUp() {
- wsTester = new WsTester(new RulesWs(new RepositoriesAction(dbTester.getDbClient())));
- }
-
- @Test
- public void should_list_repositories() throws Exception {
 DbSession dbSession = dbTester.getSession();
 RuleRepositoryDto repo1 = new RuleRepositoryDto("xoo", "xoo", "SonarQube");
 RuleRepositoryDto repo2 = new RuleRepositoryDto("squid", "ws", "SonarQube");
@@ -53,15 +49,32 @@ public class RepositoriesActionTest {
 dbSession.commit();
 wsTester = new WsTester(new RulesWs(new RepositoriesAction(dbTester.getDbClient())));
+ }
+ @Test
+ public void should_list_repositories() throws Exception {
 newRequest().execute().assertJson(this.getClass(), "repositories.json");
 newRequest().setParam("language", "xoo").execute().assertJson(this.getClass(), "repositories_xoo.json");
 newRequest().setParam("language", "ws").execute().assertJson(this.getClass(), "repositories_ws.json");
+ }
+
+ @Test
+ public void filter_repositories_by_name() throws Exception {
 newRequest().setParam("q", "common").execute().assertJson(this.getClass(), "repositories_common.json");
 newRequest().setParam("q", "squid").execute().assertJson(this.getClass(), "repositories_squid.json");
 newRequest().setParam("q", "sonar").execute().assertJson(this.getClass(), "repositories_sonar.json");
 }
+ @Test
+ public void do_not_consider_query_as_regexp_when_filtering_repositories_by_name() throws Exception {
+ // invalid regexp : do not fail. Query is not a regexp.
+ newRequest().setParam("q", "[").execute().assertJson(EMPTY_JSON_RESPONSE);
+
+ // this is not the "match all" regexp
+ newRequest().setParam("q", ".*").execute().assertJson(EMPTY_JSON_RESPONSE);
+
+ }
+
 protected TestRequest newRequest() {
 return wsTester.newGetRequest("api/rules", "repositories");
 }
--
2.39.5
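Review bot: Both assertions in `do_not_consider_query_as_regexp_when_filtering_repositories_by_name` expect `EMPTY_JSON_RESPONSE`, so nothing checks that a `q` value containing regexp metacharacters is still found when a repository key or name literally contains those characters. A change that broke literal matching altogether for such input would still pass this test. I would add one positive case: a fixture whose name holds metacharacters (constructed example: a name like `Sonar.Qube [test]`) and a request with `q` set to a fragment of it, asserted against its own expected JSON. The fixtures inserted between the two hunks are not visible here, so one of them may already serve, and a new fixture would also change the existing expected files. The blank line before the new test's closing brace can be dropped.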