From d466e731496434f5253d36f5c5b3599f4589fdaa Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene <teryk.bellahsene@sonarsource.com>
Date: Fri, 28 Aug 2015 17:54:47 +0200
Subject: [PATCH] Trim all WS string request parameters

---
 .../ws/PermissionRequestValidator.java        |  4 ++--
 .../ws/PermissionRequestValidatorTest.java    |  1 +
 .../server/ws/internal/ValidatingRequest.java | 22 +++++++++----------
 .../org/sonar/api/server/ws/RequestTest.java  |  1 +
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java
index d9e1c92a5ee..1f7d1b94ee4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java
@@ -20,7 +20,6 @@
 
 package org.sonar.server.permission.ws;
 
-import com.google.common.base.CharMatcher;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 import javax.annotation.Nullable;
@@ -28,6 +27,7 @@ import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.permission.ProjectPermissions;
 import org.sonar.server.exceptions.BadRequestException;
 
+import static com.google.common.base.CharMatcher.WHITESPACE;
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static java.lang.String.format;
 import static org.sonar.api.security.DefaultGroups.isAnyone;
@@ -59,7 +59,7 @@ public class PermissionRequestValidator {
   }
 
   public static void validateTemplateNameFormat(String name) {
-    String nameWithoutWhitespaces = CharMatcher.WHITESPACE.removeFrom(name);
+    String nameWithoutWhitespaces = WHITESPACE.trimFrom(name);
     checkRequest(!nameWithoutWhitespaces.isEmpty(), MSG_TEMPLATE_NAME_NOT_BLANK);
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionRequestValidatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionRequestValidatorTest.java
index 82a759778ca..ea19efdfa6e 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionRequestValidatorTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionRequestValidatorTest.java
@@ -33,6 +33,7 @@ public class PermissionRequestValidatorTest {
 
   @Test
   public void validate_template_name() {
+    PermissionRequestValidator.validateTemplateNameFormat("  text \r\n");
     expectedException.expect(BadRequestException.class);
     expectedException.expectMessage(MSG_TEMPLATE_NAME_NOT_BLANK);
 
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/server/ws/internal/ValidatingRequest.java b/sonar-plugin-api/src/main/java/org/sonar/api/server/ws/internal/ValidatingRequest.java
index 4e193931bf8..0c5efdcf525 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/server/ws/internal/ValidatingRequest.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/server/ws/internal/ValidatingRequest.java
@@ -19,20 +19,19 @@
  */
 package org.sonar.api.server.ws.internal;
 
+import com.google.common.base.CharMatcher;
 import com.google.common.base.Splitter;
 import com.google.common.collect.Lists;
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.server.ws.Request;
-import org.sonar.api.server.ws.WebService;
-import org.sonar.api.utils.log.Loggers;
-
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.server.ws.Request;
+import org.sonar.api.server.ws.WebService;
+import org.sonar.api.utils.log.Loggers;
 
 /**
  * @since 4.2
@@ -65,10 +64,11 @@ public abstract class ValidatingRequest extends Request {
   private String param(String key, boolean validateValue) {
     WebService.Param definition = action.param(key);
     String value = readParamOrDefaultValue(key, definition);
-    if (value != null && validateValue) {
-      validate(value, definition);
+    String trimmedValue = value == null ? value : CharMatcher.WHITESPACE.trimFrom(value);
+    if (trimmedValue != null && validateValue) {
+      validate(trimmedValue, definition);
     }
-    return value;
+    return trimmedValue;
   }
 
   @CheckForNull
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
index 5cae0e2cdda..a9cde1cc415 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
@@ -175,6 +175,7 @@ public class RequestTest {
   @Test
   public void param_as_string() {
     assertThat(request.setParam("a_string", "foo").param("a_string")).isEqualTo("foo");
+    assertThat(request.setParam("a_string", " f o o \r\n ").param("a_string")).isEqualTo("f o o");
   }
 
   @Test
-- 
2.39.5