
SONAR-13513 Request parameter should not allow NUL character

tags/9.0.0.45539
Zipeng WU 2 anos atrás
pai
commit
79ecdf7bef

+ 5
- 1
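--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java
@@ -153,7 +153,11 @@ public abstract class ValidatingRequest extends Request {
 private String readParam(String key, @Nullable WebService.Param definition) {
 checkArgument(definition != null, "BUG - parameter '%s' is undefined for action '%s'", key, action.key());
 String deprecatedKey = definition.deprecatedKey();
-return deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key);
+String param = deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key);
+if (param != null && param.contains("\0")) {
+throw new IllegalArgumentException("Request parameters are not allowed to contain NUL character");
+}
+return param;
 }
 
 private List<String> readMultiParamOrDefaultValue(String key, @Nullable WebService.Param definition) {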
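Review bot: The NUL rejection is added only on the single-value path in `readParam(String, Param)`. `readMultiParamOrDefaultValue`, whose signature is the last line of this hunk, is left untouched, so multi-valued parameters may still reach downstream code carrying `\0` unless they are checked elsewhere. Its body is outside the hunk, so this needs confirming. If they are not covered, apply the same rule to each value read there, for example `checkArgument(!value.contains("\0"), "Request parameters are not allowed to contain NUL character");`. A short comment above the new `if` saying why NUL is refused at the request boundary would also help, and naming the offending key in the message would make rejected requests easier to triage.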

+ 11
- 0
sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java Ver arquivo

@@ -49,8 +49,10 @@ import static com.google.common.base.Strings.repeat;
import static com.google.common.collect.Lists.newArrayList;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.api.utils.DateUtils.parseDate;
import static org.sonar.api.utils.DateUtils.parseDateTime;

@@ -216,6 +218,15 @@ public class RequestTest {
assertThat(underTest.setParam("a_string", " f o o \r\n ").param("a_string")).isEqualTo("f o o");
}

@Test
public void param_contains_NUL_char_should_throw_exception() {
underTest.setParam("a_string", "value\0value");

assertThatThrownBy(() -> underTest.param("a_string"))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("Request parameters are not allowed to contain NUL character");
}

@Test
public void null_param() {
assertThat(underTest.param("a_string")).isNull();
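Review bot: `param_contains_NUL_char_should_throw_exception` exercises only the plain-key branch of the changed ternary, with the NUL in the middle of the value. The `deprecatedKey != null` branch, where the value comes from `defaultString(readParam(deprecatedKey), readParam(key))`, is not covered, nor is a value that starts or ends with `\0`. Consider a second case that sets the value through a parameter's deprecated key and asserts the same exception, e.g. `underTest.setParam("<deprecated key of a test param>", "\0value");` followed by the same `assertThatThrownBy` chain. Whether the fixture defines such a parameter is not visible in this hunk. The neighbouring test shows values are trimmed (`" f o o \r\n "` becomes `"f o o"`), so a leading or trailing NUL case would also document whether the check runs before or after trimming.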
