authorDuarte Meneses <duarte.meneses@sonarsource.com>2023-05-02 13:44:15 -0500
committersonartech <sonartech@sonarsource.com>2023-05-03 20:02:58 +0000
commite0202e205709f1b06b56f7f108b12476860412d4 (patch)
tree97c1390c94211346e23ef8e1c479b8d8c5cbf84b
parent0f7a9234de7d0601f17d48ca0b16c270f1da380c (diff)
SONAR-19014 Don't rely on plugin APIs list of static resources
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java4
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java4
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java5
-rw-r--r--server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java4
-rw-r--r--server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java7
-rw-r--r--sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java37
-rw-r--r--sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java31
7 files changed, 79 insertions, 13 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java
index d551292c3b0..49d3906e2a5 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierFilter.java
@@ -22,6 +22,7 @@ package org.sonar.server.authentication;
import java.io.IOException;
import java.util.Set;
import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.web.FilterChain;
@@ -29,7 +30,6 @@ import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.UrlPattern;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
public class DefaultAdminCredentialsVerifierFilter extends HttpFilter {
@@ -58,7 +58,7 @@ public class DefaultAdminCredentialsVerifierFilter extends HttpFilter {
public UrlPattern doGetPattern() {
return UrlPattern.builder()
.includes("/*")
- .excludes(staticResourcePatterns())
+ .excludes(StaticResources.patterns())
.excludes(SKIPPED_URLS)
.build();
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java
index 68f494d988d..0b254491779 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/ResetPasswordFilter.java
@@ -21,6 +21,7 @@ package org.sonar.server.authentication;
import java.io.IOException;
import java.util.Set;
+import org.sonar.api.impl.ws.StaticResources;
import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.web.FilterChain;
@@ -28,7 +29,6 @@ import org.sonar.api.web.HttpFilter;
import org.sonar.api.web.UrlPattern;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationRedirection.redirectTo;
public class ResetPasswordFilter extends HttpFilter {
@@ -48,7 +48,7 @@ public class ResetPasswordFilter extends HttpFilter {
public UrlPattern doGetPattern() {
return UrlPattern.builder()
.includes("/*")
- .excludes(staticResourcePatterns())
+ .excludes(StaticResources.patterns())
.excludes(SKIPPED_URLS)
.build();
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
index 8a809380a13..ab36616e010 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
@@ -22,6 +22,7 @@ package org.sonar.server.authentication;
import java.util.Optional;
import java.util.Set;
import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.server.http.HttpResponse;
@@ -39,7 +40,6 @@ import static org.apache.commons.lang.StringUtils.defaultString;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
import static org.sonar.api.utils.DateUtils.formatDateTime;
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError;
@ServerSide
@@ -75,7 +75,7 @@ public class UserSessionInitializer {
private static final UrlPattern URL_PATTERN = UrlPattern.builder()
.includes("/*")
- .excludes(staticResourcePatterns())
+ .excludes(StaticResources.patterns())
.excludes(SKIPPED_URLS)
.build();
@@ -83,7 +83,6 @@ public class UserSessionInitializer {
.includes(URL_USING_PASSCODE)
.build();
-
private final Configuration config;
private final ThreadLocalUserSession threadLocalSession;
private final AuthenticationEvent authenticationEvent;
diff --git a/server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java b/server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java
index 8d7470f2a36..8b625204318 100644
--- a/server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java
+++ b/server/sonar-webserver-core/src/main/java/org/sonar/server/plugins/PluginsRiskConsentFilter.java
@@ -22,6 +22,7 @@ package org.sonar.server.plugins;
import java.io.IOException;
import java.util.Set;
import org.sonar.api.config.Configuration;
+import org.sonar.api.impl.ws.StaticResources;
import org.sonar.api.server.http.HttpRequest;
import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.web.FilterChain;
@@ -30,7 +31,6 @@ import org.sonar.api.web.UrlPattern;
import org.sonar.core.extension.PluginRiskConsent;
import org.sonar.server.user.ThreadLocalUserSession;
-import static org.sonar.api.web.UrlPattern.Builder.staticResourcePatterns;
import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
import static org.sonar.core.extension.PluginRiskConsent.NOT_ACCEPTED;
import static org.sonar.core.extension.PluginRiskConsent.REQUIRED;
@@ -74,7 +74,7 @@ public class PluginsRiskConsentFilter extends HttpFilter {
public UrlPattern doGetPattern() {
return UrlPattern.builder()
.includes("/*")
- .excludes(staticResourcePatterns())
+ .excludes(StaticResources.patterns())
.excludes(SKIPPED_URLS)
.build();
}
diff --git a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java
index 5e32a354f14..39921faf724 100644
--- a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java
+++ b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesFilter.java
@@ -36,7 +36,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
import static java.util.Locale.ENGLISH;
import static java.util.Objects.requireNonNull;
import static org.apache.commons.io.IOUtils.write;
-import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns;
+import static org.sonar.api.impl.ws.StaticResources.patterns;
import static org.sonarqube.ws.MediaTypes.HTML;
/**
@@ -50,7 +50,7 @@ public class WebPagesFilter implements Filter {
private static final ServletFilter.UrlPattern URL_PATTERN = ServletFilter.UrlPattern
.builder()
- .excludes(staticResourcePatterns())
+ .excludes(patterns())
.excludes("/api/v2/*")
.build();
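Review bot: The static import makes this call read `.excludes(patterns())`, which gives no hint of which patterns are being excluded from URL_PATTERN; the other four files changed in this commit call it qualified. Importing the class and writing `.excludes(StaticResources.patterns())` would keep the declaration readable and consistent with them. The import line itself sits in the preceding hunk of this file.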
@@ -60,8 +60,7 @@ public class WebPagesFilter implements Filter {
this(PlatformImpl.getInstance().getContainer().getComponentByType(WebPagesCache.class));
}
- @VisibleForTesting
- WebPagesFilter(WebPagesCache webPagesCache) {
+ @VisibleForTesting WebPagesFilter(WebPagesCache webPagesCache) {
this.webPagesCache = webPagesCache;
}
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java
new file mode 100644
index 00000000000..30c98254bb9
--- /dev/null
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/StaticResources.java
@@ -0,0 +1,37 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.api.impl.ws;
+
+import java.util.Collection;
+import java.util.List;
+
+public class StaticResources {
+ private static final Collection<String> STATIC_RESOURCES = List.of("*.css", "*.css.map", "*.ico", "*.png",
+ "*.jpg", "*.jpeg", "*.gif", "*.svg", "*.js", "*.js.map", "*.pdf", "/json/*", "*.woff2", "/static/*",
+ "/robots.txt", "/favicon.ico", "/apple-touch-icon*", "/mstile*");
+
+ private StaticResources() {
+ // only static
+ }
+
+ public static Collection<String> patterns() {
+ return STATIC_RESOURCES;
+ }
+}
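Review bot: `StaticResources` has no Javadoc, yet in this commit its list is passed to `excludes(...)` in UserSessionInitializer, ResetPasswordFilter, DefaultAdminCredentialsVerifierFilter and PluginsRiskConsentFilter, so each entry names a URL shape those filters will not see. A class comment should say so, for example `/** URL patterns served as public static assets; authentication-related filters exclude them, so add entries only for content that needs no session. */`. Entries such as `*.js` and `*.pdf` presumably match on the path suffix (UrlPattern's matching is not shown here), which deserves its own line in that comment. Declaring the class `final` would match its private constructor.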
diff --git a/sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java b/sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java
new file mode 100644
index 00000000000..5a9e483b5ca
--- /dev/null
+++ b/sonar-plugin-api-impl/src/test/java/org/sonar/api/impl/ws/StaticResourcesTest.java
@@ -0,0 +1,31 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.api.impl.ws;
+
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class StaticResourcesTest {
+ @Test
+ public void patterns_shouldNotBeEmpty() {
+ assertThat(StaticResources.patterns()).isNotEmpty();
+ }
+} \ No newline at end of file
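Review bot: `patterns_shouldNotBeEmpty` would still pass if an entry like `/*` were added to the list, even though the list is the exclude set of the authentication filters touched in this commit. Pinning the eighteen expected entries with `containsExactlyInAnyOrder(...)` would make any widening of that set a deliberate test change. Since `patterns()` hands out the shared static collection, a second test such as `assertThatThrownBy(() -> StaticResources.patterns().add("/*")).isInstanceOf(UnsupportedOperationException.class);` would also pin its immutability. The file also ends without a trailing newline.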