authorZipeng WU <zipeng.wu@sonarsource.com>2022-03-18 14:26:23 +0100
committersonartech <sonartech@sonarsource.com>2022-03-18 20:02:58 +0000
commit9210942846e42ea46d3f830c7fbf0ad18f0c3285 (patch)
tree6edb7c494fa4999f147734919a10c1fd571601dc
parent87d3bfccdbac9d330e9ad5a78da0ebbcac4d8284 (diff)
Fix SSF-239
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/WebhookNewValue.java7
-rw-r--r--server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/WebhookNewValueTest.java53
2 files changed, 60 insertions, 0 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/WebhookNewValue.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/WebhookNewValue.java
index 2e6dfb62e18..031e129b11d 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/WebhookNewValue.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/WebhookNewValue.java
@@ -19,6 +19,7 @@
*/
package org.sonar.db.audit.model;
+import java.util.function.UnaryOperator;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.db.project.ProjectDto;
@@ -68,6 +69,12 @@ public class WebhookNewValue extends NewValue {
this.projectName = projectDto.getName();
}
+ public void sanitizeUrl(UnaryOperator<String> sanitizer) {
+ if (this.url != null) {
+ this.url = sanitizer.apply(this.url);
+ }
+ }
+
@CheckForNull
public String getWebhookUuid() {
return this.webhookUuid;
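Review bot: sanitizeUrl makes the masking opt-in: the object keeps the raw URL until a caller invokes it, and the test added in this commit shows toString() printing the url field, so an audit write path that skips the call would still record credentials embedded in the webhook URL. The call sites are outside this diff, so this is worth confirming for every place a WebhookNewValue is persisted. The method should at least state the contract, e.g. `/** Replaces the stored URL with the sanitizer's result so userinfo in a webhook URL is not written to the audit log; no-op when the URL is null. Call before the value is serialized. */`. A null `sanitizer` should also be rejected up front with a clear message rather than surfacing as an NPE inside the `if`. The enclosing class starts and continues outside the hunk.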
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/WebhookNewValueTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/WebhookNewValueTest.java
new file mode 100644
index 00000000000..c49e0634f82
--- /dev/null
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/audit/model/WebhookNewValueTest.java
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.audit.model;
+
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class WebhookNewValueTest {
+
+ @Test
+ public void sanitize_url_replace_url() {
+ var webhookNewValue = new WebhookNewValue("uuid", "name", "projectUuid", "projectKey", "projectName", "http://admin:admin@localhost.com");
+ webhookNewValue.sanitizeUrl(s -> s.replace("admin", "*****"));
+ assertThat(webhookNewValue).hasToString("{"
+ + "\"webhookUuid\": \"uuid\","
+ + " \"name\": \"name\","
+ + " \"url\": \"http://*****:*****@localhost.com\","
+ + " \"projectUuid\": \"projectUuid\","
+ + " \"projectKey\": \"projectKey\","
+ + " \"projectName\": \"projectName\" }");
+ }
+
+ @Test
+ public void sanitize_url_do_nothing_when_url_is_null() {
+ var webhookNewValue = new WebhookNewValue("uuid", "name", "projectUuid", "projectKey", "projectName", null);
+ webhookNewValue.sanitizeUrl(s -> s.replace("admin", "*****"));
+ assertThat(webhookNewValue).hasToString("{"
+ + "\"webhookUuid\": \"uuid\","
+ + " \"name\": \"name\","
+ + " \"projectUuid\": \"projectUuid\","
+ + " \"projectKey\": \"projectKey\","
+ + " \"projectName\": \"projectName\" }");
+ }
+
+}
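Review bot: Both tests pass a stand-in lambda (`s -> s.replace("admin", "*****")`), so they pin only that sanitizeUrl applies the operator and skips a null URL, not that credentials are actually masked by whatever sanitizer production code supplies. Because user and password are both `admin`, the first case also cannot tell whether each part of the userinfo is handled. A case with distinct user and password values, and one with a URL that carries no userinfo, would make the expected output more telling. The production sanitizer is not visible in this diff, so its own coverage may live elsewhere.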