SONAR-8437 fix listing of issue tags and authors

2 files changed, 20 insertions, 9 deletions

diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
index 5ecce37b558..9674ecc92f3 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
@@ -83,6 +83,7 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.view.index.ViewIndexDefinition;
 
 import static com.google.common.collect.Lists.newArrayList;
+import static java.lang.String.format;
 import static org.sonar.server.es.EsUtils.escapeSpecialRegexChars;
 import static org.sonarqube.ws.client.issue.IssueFilterParameters.ASSIGNEES;
 import static org.sonarqube.ws.client.issue.IssueFilterParameters.AUTHORS;
@@ -203,7 +204,7 @@ public class IssueIndex extends BaseIndex {
   public IssueDoc getByKey(String key) {
     IssueDoc value = getNullableByKey(key);
     if (value == null) {
-      throw new NotFoundException(String.format("Issue with key '%s' does not exist", key));
+      throw new NotFoundException(format("Issue with key '%s' does not exist", key));
     }
     return value;
   }
@@ -331,7 +332,7 @@ public class IssueIndex extends BaseIndex {
   }
 
   public static String viewsLookupCacheKey(String viewUuid) {
-    return String.format("%s%s%s", IssueIndexDefinition.TYPE_ISSUE, viewUuid, ViewIndexDefinition.TYPE_VIEW);
+    return format("%s%s%s", IssueIndexDefinition.TYPE_ISSUE, viewUuid, ViewIndexDefinition.TYPE_VIEW);
   }
 
   private static FilterBuilder createAuthorizationFilter(boolean checkAuthorization, @Nullable String userLogin, Set<String> userGroups) {
@@ -632,16 +633,15 @@ public class IssueIndex extends BaseIndex {
       .size(maxNumberOfTags)
       .order(Terms.Order.term(true))
       .minDocCount(1L);
-    if (textQuery != null) {
-      issueTags.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
-    }
     TermsBuilder ruleTags = AggregationBuilders.terms(tagsOnRulesSubAggregation)
       .field(RuleIndexDefinition.FIELD_RULE_ALL_TAGS)
       .size(maxNumberOfTags)
       .order(Terms.Order.term(true))
       .minDocCount(1L);
     if (textQuery != null) {
-      ruleTags.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
+      String escapedTextQuery = escapeSpecialRegexChars(textQuery);
+      issueTags.include(format(SUBSTRING_MATCH_REGEXP, escapedTextQuery));
+      ruleTags.include(format(SUBSTRING_MATCH_REGEXP, escapedTextQuery));
     }
 
     SearchResponse searchResponse = requestBuilder.addAggregation(topAggreg.subAggregation(issueTags).subAggregation(ruleTags)).get();
@@ -681,7 +681,7 @@ public class IssueIndex extends BaseIndex {
       .order(termsOrder)
       .minDocCount(1L);
     if (textQuery != null) {
-      aggreg.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
+      aggreg.include(format(SUBSTRING_MATCH_REGEXP, escapeSpecialRegexChars(textQuery)));
     }
 
     SearchResponse searchResponse = requestBuilder.addAggregation(aggreg).get();
@@ -716,7 +716,7 @@ public class IssueIndex extends BaseIndex {
         filter.must(FilterBuilders.termsFilter(IssueIndexDefinition.FIELD_ISSUE_COMPONENT_UUID, component.uuid()));
         break;
       default:
-        throw new IllegalStateException(String.format("Component of scope '%s' is not allowed", component.scope()));
+        throw new IllegalStateException(format("Component of scope '%s' is not allowed", component.scope()));
     }
 
     SearchRequestBuilder requestBuilder = getClient()
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
index 5a6d8846cda..e3b658f72ea 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
@@ -244,6 +244,7 @@ public class IssueServiceMediumTest {
     assertThat(service.listTags("sys", 5)).containsOnly("systag1", "systag2");
     assertThat(service.listTags(null, 1)).containsOnly("bug");
     assertThat(service.listTags(null, Integer.MAX_VALUE)).containsOnly("convention", "java8", "bug", "systag1", "systag2", "tag1", "tag2");
+    assertThat(service.listTags("invalidRegexp[", 5)).isEmpty();
   }
 
   @Test
@@ -302,7 +303,7 @@ public class IssueServiceMediumTest {
   }
 
   @Test
-  public void list_authors() {
+  public void test_listAuthors() {
     RuleDto rule = newRule();
     ComponentDto project = newProject();
     ComponentDto file = newFile(project);
@@ -318,6 +319,16 @@ public class IssueServiceMediumTest {
     assertThat(service.listAuthors(null, Integer.MAX_VALUE)).containsExactly("anakin@skywalker.name", "luke.skywalker", "luke@skywalker.name");
   }
 
+  @Test
+  public void listAuthors_escapes_regexp_special_characters() {
+    saveIssue(IssueTesting.newDto(newRule(), newFile(newProject()), newProject()).setAuthorLogin("name++"));
+
+    assertThat(service.listAuthors("invalidRegexp[", 5)).isEmpty();
+    assertThat(service.listAuthors("nam+", 5)).isEmpty();
+    assertThat(service.listAuthors("name+", 5)).containsExactly("name++");
+    assertThat(service.listAuthors(".*", 5)).isEmpty();
+  }
+
   private RuleDto newRule() {
     return newRule(RuleTesting.newXooX1());
   }