authorSteve Marion <unknown>2023-05-10 14:10:54 +0200
committersonartech <sonartech@sonarsource.com>2023-05-12 20:02:41 +0000
commit5bd73a2bccb04fb48faec629996b5200761f4511 (patch)
tree002719d05bd95fcb0e3d9151dc7a7de224888a83
parent794259e7e6629d1058b2400020ce80823cf83f58 (diff)
SONAR-19096 add non-null check on the sanitizing of the relative path.
-rw-r--r--sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java10
-rw-r--r--sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java8
2 files changed, 17 insertions, 1 deletions
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
index 2346a8e65d8..11b4814d503 100644
--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/fs/internal/DefaultIndexedFile.java
@@ -68,7 +68,7 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
SensorStrategy sensorStrategy, @Nullable String oldRelativeFilePath) {
super(batchId);
this.projectKey = projectKey;
- this.projectRelativePath = PathUtils.sanitize(projectRelativePath);
+ this.projectRelativePath = checkSanitize(projectRelativePath);
this.moduleRelativePath = PathUtils.sanitize(moduleRelativePath);
this.type = type;
this.language = language;
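Review bot: `moduleRelativePath`, on the line right after the change, is still assigned straight from `PathUtils.sanitize(moduleRelativePath)`, so only `projectRelativePath` is protected against a null sanitize result. If a module-relative path can also resolve above its base (the test added in this commit suggests `./../foo/bar` sanitizes to null), that field would silently hold null and fail later, far from the cause. Consider `this.moduleRelativePath = checkSanitize(moduleRelativePath);`, or add a comment stating why null is acceptable for that field. The constructor starts and ends outside this hunk.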
@@ -78,6 +78,14 @@ public class DefaultIndexedFile extends DefaultInputComponent implements Indexed
validateKeyLength();
}
+ static String checkSanitize(String relativePath) {
+ String sanitized = PathUtils.sanitize(relativePath);
+ if(sanitized == null) {
+ throw new IllegalArgumentException(String.format("The path '%s' must sanitize to a non-null value", relativePath));
+ }
+ return sanitized;
+ }
+
private void validateKeyLength() {
String key = key();
if (key.length() > MAX_KEY_LENGTH) {
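Review bot: `checkSanitize` has no Javadoc, and its message ("must sanitize to a non-null value") describes the internal check, not what is wrong with the path. A short Javadoc should say that it returns the sanitized path and throws `IllegalArgumentException` when `PathUtils.sanitize` yields null; judging by the accompanying test this happens for paths that climb above their base directory, which is worth confirming against `PathUtils` and then saying in the message, e.g. `"The path '%s' must not resolve outside its base directory"`. Since the method is non-private, presumably only so the test can call it, the Javadoc should also note that it is not meant as API. Minor style: `if(sanitized == null)` lacks the space used in `if (key.length() > MAX_KEY_LENGTH)` just below.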
diff --git a/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java b/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
index 29edc62eaed..cec12d02a93 100644
--- a/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
+++ b/sonar-plugin-api-impl/src/test/java/org/sonar/api/batch/fs/internal/DefaultIndexedFileTest.java
@@ -35,4 +35,12 @@ public class DefaultIndexedFileTest {
.isInstanceOf(IllegalStateException.class)
.hasMessageEndingWith("length (401) is longer than the maximum authorized (400)");
}
+
+ @Test
+ public void sanitize_shouldThrow_whenRelativePathIsInvalid() {
+ String invalidPath = "./../foo/bar";
+ Assertions.assertThatThrownBy(() -> DefaultIndexedFile.checkSanitize(invalidPath))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessageContaining(invalidPath);
+ }
}
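Review bot: `sanitize_shouldThrow_whenRelativePathIsInvalid` exercises only the static helper `checkSanitize`, so nothing pins that the `DefaultIndexedFile` constructor actually routes `projectRelativePath` through it. A second test that builds a `DefaultIndexedFile` with `"./../foo/bar"` as the project-relative path and expects `IllegalArgumentException` would catch a later refactor that bypasses the check. A positive case is also missing: one assertion that a valid relative path is returned sanitized, not rejected, would guard against the check becoming too strict.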