Steve Marion
1 年之前
+ 9
- 1
sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
查看文件
| @@ -68,7 +68,7 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed | |||
| SensorStrategy sensorStrategy, @Nullable String oldRelativeFilePath) { | |||
| super(batchId); | |||
| this.projectKey = projectKey; | |||
| this.projectRelativePath = PathUtils.sanitize(projectRelativePath); | |||
| this.projectRelativePath = checkSanitize(projectRelativePath); | |||
| this.moduleRelativePath = PathUtils.sanitize(moduleRelativePath); | |||
| this.type = type; | |||
| this.language = language; | |||
| @@ -78,6 +78,14 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed | |||
| validateKeyLength(); | |||
| } | |||
| static String checkSanitize(String relativePath) { | |||
| String sanitized = PathUtils.sanitize(relativePath); | |||
| if(sanitized == null) { | |||
| throw new IllegalArgumentException(String.format("The path '%s' must sanitize to a non-null value", relativePath)); | |||
| } | |||
| return sanitized; | |||
| } | |||
| private void validateKeyLength() { | |||
| String key = key(); | |||
| if (key.length() > MAX_KEY_LENGTH) { | |||
+ 8
- 0
sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
查看文件
| @@ -35,4 +35,12 @@ public class DefaultIndexedFileTest { | |||
| .isInstanceOf(IllegalStateException.class) | |||
| .hasMessageEndingWith("length (401) is longer than the maximum authorized (400)"); | |||
| } | |||
| @Test | |||
| public void sanitize_shouldThrow_whenRelativePathIsInvalid() { | |||
| String invalidPath = "./../foo/bar"; | |||
| Assertions.assertThatThrownBy(() -> DefaultIndexedFile.checkSanitize(invalidPath)) | |||
| .isInstanceOf(IllegalArgumentException.class) | |||
| .hasMessageContaining(invalidPath); | |||
| } | |||
| } | |||
Loading…