author | Zipeng WU <zipeng.wu@sonarsource.com> | 2021-07-01 15:24:24 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2021-07-01 20:03:19 +0000 |
commit | 79ecdf7bef85c00ae5b9271ef8d7338306d72881 (patch) | |
tree | 35e2d8b6c08848c9e666cdb708b6401724605723 | |
parent | a14676204f59098a9e8983da4ecc21bbaf81ac14 (diff) | |
download | sonarqube-79ecdf7bef85c00ae5b9271ef8d7338306d72881.tar.gz sonarqube-79ecdf7bef85c00ae5b9271ef8d7338306d72881.zip |
SONAR-13513 Request parameter should not allow NUL character
-rw-r--r-- | sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java | 6 | ||||
-rw-r--r-- | sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java
index 033b95f8fb7..cc83b0cf58b 100644
--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java
@@ -153,7 +153,11 @@ public abstract class ValidatingRequest extends Request {
 private String readParam(String key, @Nullable WebService.Param definition) {
 checkArgument(definition != null, "BUG - parameter '%s' is undefined for action '%s'", key, action.key());
 String deprecatedKey = definition.deprecatedKey();
- return deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key);
+ String param = deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key);
+ if (param != null && param.contains("\0")) {
+ throw new IllegalArgumentException("Request parameters are not allowed to contain NUL character");
+ }
+ return param;
 }

 private List<String> readMultiParamOrDefaultValue(String key, @Nullable WebService.Param definition) {
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
index 2baebb55587..a484ebdd241 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/server/ws/RequestTest.java
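Review bot: The NUL rejection is placed only in the single-value `readParam(String key, Param definition)` path, so a value read through `readMultiParamOrDefaultValue` (its signature is the last context line of this hunk) would presumably still be accepted with an embedded `\0`. That method's body is outside the hunk, so confirm whether it routes through this check; if it does not, apply the same `contains("\0")` test to each element it returns so the rule holds for every way a handler can read a parameter. The exception message also omits which parameter was rejected; something like `"Request parameter '" + key + "' must not contain the NUL character"` would make the resulting 400 easier to triage in access logs without echoing the value itself. A short comment above the check stating why NUL is refused at this layer (downstream stores and native APIs may truncate or reject it) would keep the guard from being removed later as dead code.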
@@ -49,8 +49,10 @@ import static com.google.common.base.Strings.repeat;
 import static com.google.common.collect.Lists.newArrayList;
 import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 import static org.sonar.api.utils.DateUtils.parseDate;
 import static org.sonar.api.utils.DateUtils.parseDateTime;

@@ -217,6 +219,15 @@ public class RequestTest {
 }

 @Test
+ public void param_contains_NUL_char_should_throw_exception() {
+ underTest.setParam("a_string", "value\0value");
+
+ assertThatThrownBy(() -> underTest.param("a_string"))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Request parameters are not allowed to contain NUL character");
+ }
+
+ @Test
 public void null_param() {
 assertThat(underTest.param("a_string")).isNull();
 assertThat(underTest.paramAsBoolean("a_boolean")).isNull(); |
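Review bot: The new test `param_contains_NUL_char_should_throw_exception` covers only a single-valued string read through `param("a_string")` with the NUL in the middle of the value, so it would not notice a NUL arriving through a deprecated key or through a multi-valued parameter. Sibling cases with the same `assertThatThrownBy` shape for those read paths, plus one with the NUL as the first or last character, would pin the rule rather than one instance of it. In the import hunk above, `import static org.mockito.Mockito.when;` is added, but nothing in the visible new lines calls `when`, and the diffstat's 11 insertions for this file are all accounted for by these two hunks, so the import looks unused and can be dropped.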