authorWouter Admiraal <45544358+wouter-admiraal-sonarsource@users.noreply.github.com>2021-04-20 16:39:10 +0200
committersonartech <sonartech@sonarsource.com>2021-04-20 20:03:47 +0000
commit9c6b2db886aaa6943618573c1290aa6e422a4120 (patch)
tree3d93b241f177278dc0f51bd5967a2e07e97e5ff0 /server/sonar-alm-client
parent43ab5b022f80236d76d05cba6e1c3d57f41daff3 (diff)
SONAR-14213 Do not follow redirects when interacting with gitlab.com API
Diffstat (limited to 'server/sonar-alm-client')
-rw-r--r--server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabHttpClient.java3
-rw-r--r--server/sonar-alm-client/src/test/java/org/sonar/alm/client/gitlab/GitlabHttpClientTest.java11
2 files changed, 14 insertions, 0 deletions
diff --git a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabHttpClient.java b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabHttpClient.java
index 61dc5a7c0bc..36011e4e96e 100644
--- a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabHttpClient.java
+++ b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/gitlab/GitlabHttpClient.java
@@ -55,6 +55,7 @@ public class GitlabHttpClient {
client = new OkHttpClientBuilder()
.setConnectTimeoutMs(timeoutConfiguration.getConnectTimeout())
.setReadTimeoutMs(timeoutConfiguration.getReadTimeout())
+ .setFollowRedirects(false)
.build();
}
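Review bot: The added `.setFollowRedirects(false)` has no comment explaining why redirects are disabled, and the reason is security-relevant. This client appears to send the user's personal access token with each call, so a followed redirect could deliver that token to a host the administrator never configured. I would add `// Never follow redirects: the access token must only be sent to the configured GitLab URL (SONAR-14213)` above the line. It is also worth confirming that the builder disables HTTPS redirects as well as plain ones, since OkHttp keeps separate `followRedirects` and `followSslRedirects` switches and the builder's implementation is not visible here. The constructor starts outside this hunk.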
@@ -167,6 +168,8 @@ public class GitlabHttpClient {
throw new IllegalArgumentException("Your GitLab token has insufficient scope");
} else if (response.code() == HTTP_UNAUTHORIZED) {
throw new IllegalArgumentException("Invalid personal access token");
+ } else if (response.isRedirect()) {
+ throw new IllegalArgumentException("Request was redirected, please provide the correct URL");
} else {
throw new IllegalArgumentException(errorMessage);
}
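Review bot: The new `response.isRedirect()` branch throws a fixed message that gives an administrator nothing to diagnose with, for example whether this was an http-to-https upgrade or a moved instance. Including the status code would help: `throw new IllegalArgumentException("Request was redirected (HTTP " + response.code() + "), please provide the correct URL");`, with the `hasMessage` assertion in GitlabHttpClientTest updated to match. I would not copy the `Location` header into the exception text, because that value is chosen by the remote server and the message probably reaches the UI; if it is wanted, log it server-side instead. The enclosing method starts and ends outside this hunk.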
diff --git a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/gitlab/GitlabHttpClientTest.java b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/gitlab/GitlabHttpClientTest.java
index 1a67af5818b..228d21a2349 100644
--- a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/gitlab/GitlabHttpClientTest.java
+++ b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/gitlab/GitlabHttpClientTest.java
@@ -100,6 +100,17 @@ public class GitlabHttpClientTest {
}
@Test
+ public void should_throw_IllegalArgumentException_when_redirected() {
+ MockResponse response = new MockResponse()
+ .setResponseCode(308);
+ server.enqueue(response);
+
+ assertThatThrownBy(() -> underTest.searchProjects(gitlabUrl, "pat", "example", 1, 2))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Request was redirected, please provide the correct URL");
+ }
+
+ @Test
public void get_project() {
MockResponse response = new MockResponse()
.setResponseCode(200)
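Review bot: `should_throw_IllegalArgumentException_when_redirected` enqueues a 308 with no `Location` header, so it would probably pass even without the `setFollowRedirects(false)` change. OkHttp has nothing to follow when `Location` is absent, so it hands the 3xx response back either way. To pin the behaviour the commit is about, give the response a target with `.setHeader("Location", server.url("/elsewhere").toString())` and enqueue a second 200 response behind it. Then assert that only one request reached the server, with `assertThat(server.getRequestCount()).isEqualTo(1);`, assuming the mock server is created fresh for each test. Covering one more status such as 302 would also confirm the branch is not specific to 308.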