SONAR-19530 acted upon warnings about missing response examples in webapi

author: lukasz-jarocki-sonarsource <lukasz.jarocki@sonarsource.com> 2024-06-24 10:01:47 +0200
committer: sonartech <sonartech@sonarsource.com> 2024-06-26 20:03:32 +0000
commit: 6df23c460af61c95cb7681dc599d2dfb376fa526 (patch)
tree: c3c6143542f092899361ef7449c7d205e9d7c178 /server/sonar-webserver-auth
parent: 36a554a42c27bc782f7bbbd5357dfca05c93f952 (diff)
download: sonarqube-6df23c460af61c95cb7681dc599d2dfb376fa526.tar.gz
sonarqube-6df23c460af61c95cb7681dc599d2dfb376fa526.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SamlValidationRedirectionFilter.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SamlValidationRedirectionFilter.java
index d8ef581bd13..f602608a42a 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SamlValidationRedirectionFilter.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SamlValidationRedirectionFilter.java
@@ -26,7 +26,7 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import javax.annotation.Nullable;
 import org.apache.commons.lang3.StringUtils;
-import org.sonar.api.internal.apachecommons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.sonar.api.platform.Server;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.api.server.http.HttpResponse;
@@ -78,7 +78,7 @@ public class SamlValidationRedirectionFilter extends HttpFilter {
       URI redirectionEndpointUrl = URI.create(server.getContextPath() + "/")
         .resolve(SAML_VALIDATION_CONTROLLER_CONTEXT + "/")
         .resolve(SAML_VALIDATION_KEY);
-      String samlResponse = StringEscapeUtils.escapeHtml(request.getParameter(SAML_RESPONSE_PARAMETER));
+      String samlResponse = StringEscapeUtils.escapeHtml3(request.getParameter(SAML_RESPONSE_PARAMETER));
       String csrfToken = getCsrfTokenFromRelayState(relayState);
 
       String nonce = SamlValidationCspHeaders.addCspHeadersWithNonceToResponse(response);
@@ -103,7 +103,7 @@ public class SamlValidationRedirectionFilter extends HttpFilter {
 
   private static String getCsrfTokenFromRelayState(@Nullable String relayState) {
     if (relayState != null && relayState.contains("/")) {
-      return StringEscapeUtils.escapeHtml(relayState.split("/")[1]);
+      return StringEscapeUtils.escapeHtml3(relayState.split("/")[1]);
     }
     return "";
   }
author	lukasz-jarocki-sonarsource <lukasz.jarocki@sonarsource.com>	2024-06-24 10:01:47 +0200
committer	sonartech <sonartech@sonarsource.com>	2024-06-26 20:03:32 +0000
commit	6df23c460af61c95cb7681dc599d2dfb376fa526 (patch)
tree	c3c6143542f092899361ef7449c7d205e9d7c178 /server/sonar-webserver-auth
parent	36a554a42c27bc782f7bbbd5357dfca05c93f952 (diff)
download	sonarqube-6df23c460af61c95cb7681dc599d2dfb376fa526.tar.gz sonarqube-6df23c460af61c95cb7681dc599d2dfb376fa526.zip