From e8a41295412ae3cf2e8fe529866592bd797746c7 Mon Sep 17 00:00:00 2001
From: Pierre <pierre.guillot@sonarsource.com>
Date: Tue, 9 Aug 2022 17:11:04 +0200
Subject: [PATCH] SONAR-17150 fix SSF-39

---
 .../java/org/sonar/auth/OAuthRestClient.java  | 22 +++++++------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
index 4e3d6eeb994..13eca84d684 100644
--- a/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
+++ b/server/sonar-auth-common/src/main/java/org/sonar/auth/OAuthRestClient.java
@@ -31,13 +31,15 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.function.Function;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import static java.lang.String.format;
 
 public class OAuthRestClient {
 
-  public static final String REL_NEXT = "rel=\"next\"";
   private static final int DEFAULT_PAGE_SIZE = 100;
+  private static final Pattern NEXT_LINK_PATTERN = Pattern.compile("<([^<]+)>; rel=\"next\"");
 
   private OAuthRestClient() {
     // Only static method
@@ -85,24 +87,16 @@ public class OAuthRestClient {
   }
 
   private static Optional<String> readNextEndPoint(Response response) {
-    Optional<String> linksHeader = response.getHeaders().entrySet().stream()
+    String link = response.getHeaders().entrySet().stream()
       .filter(e -> "Link".equalsIgnoreCase(e.getKey()))
       .map(Map.Entry::getValue)
-      .findAny();
+      .findAny().orElse("");
 
-    if (linksHeader.isEmpty()) {
+    Matcher nextLinkMatcher = NEXT_LINK_PATTERN.matcher(link);
+    if (!nextLinkMatcher.find()) {
       return Optional.empty();
     }
-
-    String[] links = linksHeader.get().split(",");
-    for (String link : links) {
-      String trimmedLink = link.trim();
-      if (trimmedLink.contains(REL_NEXT) && trimmedLink.contains("<") && trimmedLink.contains(">")) {
-        String nextUrl = trimmedLink.substring(trimmedLink.indexOf("<") + 1, trimmedLink.indexOf(">"));
-        return Optional.of(nextUrl);
-      }
-    }
-    return Optional.empty();
+    return Optional.of(nextLinkMatcher.group(1));
   }
 
   private static IllegalStateException unexpectedResponseCode(String requestUrl, Response response) throws IOException {
-- 
2.39.5