SONAR-24085 Fix quality gate issues

author: Nolwenn Cadic <98824442+Nolwenn-cadic-sonarsource@users.noreply.github.com> 2024-12-24 15:57:56 +0100
committer: sonartech <sonartech@sonarsource.com> 2024-12-24 15:29:20 +0000
commit: a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf (patch)
tree: 138c4283ebd3d9bab543e3227bf8e403cc900c6f /server/sonar-auth-ldap
parent: 5c4ea71c1b02c1765c613eeb8582cd36de69804d (diff)
download: sonarqube-a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf.tar.gz
sonarqube-a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/DefaultLdapAuthenticator.java b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/DefaultLdapAuthenticator.java
index 2d7cd638a97..7ff1d67611a 100644
--- a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/DefaultLdapAuthenticator.java
+++ b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/DefaultLdapAuthenticator.java
@@ -20,6 +20,8 @@
 package org.sonar.auth.ldap;
 
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.naming.NamingException;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
@@ -37,6 +39,8 @@ import org.sonar.api.server.ServerSide;
 @ServerSide
 public class DefaultLdapAuthenticator implements LdapAuthenticator {
 
+  private static final Pattern SANITIZE_PATTERN = Pattern.compile("[\n\r]");
+
   private static final Logger LOG = LoggerFactory.getLogger(DefaultLdapAuthenticator.class);
   private final Map<String, LdapContextFactory> contextFactories;
   private final Map<String, LdapUserMapping> userMappings;
@@ -78,7 +82,7 @@ public class DefaultLdapAuthenticator implements LdapAuthenticator {
         return LdapAuthenticationResult.success(ldapKey);
       }
     }
-    LOG.debug("User {} not found", login);
+    LOG.atDebug().log("User {} not found", getSanitizedLogin(login));
     return LdapAuthenticationResult.failed();
   }
 
@@ -87,16 +91,21 @@ public class DefaultLdapAuthenticator implements LdapAuthenticator {
     try {
       result = ldapUserMapping.createSearch(ldapContextFactory, login).findUnique();
     } catch (NamingException e) {
-      LOG.debug("User {} not found in server <{}>: {}", login, ldapKey, e.toString());
+      LOG.atDebug().log("User {} not found in server <{}>: {}", getSanitizedLogin(login), ldapKey, e.toString());
       return null;
     }
     if (result == null) {
-      LOG.debug("User {} not found in <{}>", login, ldapKey);
+      LOG.atDebug().log("User {} not found in <{}>", getSanitizedLogin(login), ldapKey);
       return null;
     }
     return result;
   }
 
+  private static String getSanitizedLogin(String login) {
+    Matcher matcher = SANITIZE_PATTERN.matcher(login);
+    return matcher.replaceAll("_");
+  }
+
   private boolean isPasswordValid(String password, String ldapKey, LdapContextFactory ldapContextFactory, String principal) {
     if (ldapContextFactory.isGssapi()) {
       return checkPasswordUsingGssapi(principal, password, ldapKey);
author	Nolwenn Cadic <98824442+Nolwenn-cadic-sonarsource@users.noreply.github.com>	2024-12-24 15:57:56 +0100
committer	sonartech <sonartech@sonarsource.com>	2024-12-24 15:29:20 +0000
commit	a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf (patch)
tree	138c4283ebd3d9bab543e3227bf8e403cc900c6f /server/sonar-auth-ldap
parent	5c4ea71c1b02c1765c613eeb8582cd36de69804d (diff)
download	sonarqube-a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf.tar.gz sonarqube-a7e0cfbd1f1c700434cf8bfb2dc3d688d92008bf.zip