authorPierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com>2022-10-07 13:58:19 +0200
committersonartech <sonartech@sonarsource.com>2022-10-07 20:03:00 +0000
commitaaadf8992978dbe2c4f7b1a3795c8d627234dc32 (patch)
treeecfd87da7648723ddff7dad66f24070ec587805f /server
parent657e8f919836bb5fc6b788eb72897ac639010a84 (diff)
SONAR-17435 fix SSF-318
Diffstat (limited to 'server')
-rw-r--r--server/sonar-web/src/main/js/api/settings.ts6
-rw-r--r--server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java12
-rw-r--r--server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java40
3 files changed, 28 insertions, 30 deletions
diff --git a/server/sonar-web/src/main/js/api/settings.ts b/server/sonar-web/src/main/js/api/settings.ts
index 6fd866a2a30..20c397eedc6 100644
--- a/server/sonar-web/src/main/js/api/settings.ts
+++ b/server/sonar-web/src/main/js/api/settings.ts
@@ -20,7 +20,7 @@
import { omitBy } from 'lodash';
import { isCategoryDefinition } from '../apps/settings/utils';
import { throwGlobalError } from '../helpers/error';
-import { getJSON, post, postJSON, RequestData } from '../helpers/request';
+import { getJSON, post, RequestData } from '../helpers/request';
import { BranchParameters } from '../types/branch-like';
import {
ExtendedSettingDefinition,
@@ -105,9 +105,9 @@ export function checkSecretKey(): Promise<{ secretKeyAvailable: boolean }> {
}
export function generateSecretKey(): Promise<{ secretKey: string }> {
- return postJSON('/api/settings/generate_secret_key').catch(throwGlobalError);
+ return getJSON('/api/settings/generate_secret_key').catch(throwGlobalError);
}
export function encryptValue(value: string): Promise<{ encryptedValue: string }> {
- return postJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
+ return getJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);
}
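Review bot: `encryptValue` now hands `{ value }` to `getJSON`, so the plaintext to be encrypted presumably travels in the query string of `/api/settings/encrypt` (the helper is not shown here), where it can end up in access logs, proxy logs and browser history. Because the verifier in this commit rejects a POST to an action that is not declared as POST, the safer fix is on the server side: declare the encrypt action with `setPost(true)` and keep `return postJSON('/api/settings/encrypt', { value }).catch(throwGlobalError);`. The same reasoning applies to `generateSecretKey`, whose response carries a fresh secret key and, as a GET, may be cached by intermediaries unless the endpoint sends no-store headers.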
diff --git a/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java b/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java
index 36334869a00..636ada3a8d2 100644
--- a/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java
+++ b/server/sonar-webserver-ws/src/main/java/org/sonar/server/ws/RequestVerifier.java
@@ -36,12 +36,14 @@ public class RequestVerifier {
if (action.isPost()) {
throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method POST is required");
}
- return;
- case "PUT":
- case "DELETE":
- throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method()));
+ break;
+ case "POST":
+ if (!action.isPost()) {
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method GET is required");
+ }
+ break;
default:
- // Nothing to do
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method()));
}
}
}
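Review bot: The `default` branch now rejects every verb other than GET and POST, which per the `verbs()` provider in WebServiceEngineTest includes `HEAD` and `OPTIONS`. If anything in front of this engine relies on those (CORS preflight, load-balancer probes), it will start receiving 405, so confirm they are answered before the request reaches this verifier. The strict matching is also undocumented; I would add a comment above the switch such as `// Fail closed: the verb must match the action's declaration exactly; anything but GET or POST is rejected with 405.` The method signature and the first case label are outside the hunk, so this is based on the visible branches only.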
diff --git a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
index e138a6bc316..bec6603904b 100644
--- a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
+++ b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
@@ -57,7 +57,7 @@ public class WebServiceEngineTest {
@Test
public void load_ws_definitions_at_startup() {
- WebServiceEngine underTest = new WebServiceEngine(new WebService[] {
+ WebServiceEngine underTest = new WebServiceEngine(new WebService[]{
newWs("api/foo/index", a -> {
}),
newWs("api/bar/index", a -> {
@@ -75,7 +75,7 @@ public class WebServiceEngineTest {
@DataProvider
public static Object[][] responseData() {
- return new Object[][] {
+ return new Object[][]{
{"/api/ping", "pong", 200},
{"api/ping", "pong", 200},
{"api/ping.json", "pong", 200},
@@ -130,35 +130,31 @@ public class WebServiceEngineTest {
}
@Test
- public void POST_is_considered_as_GET_if_POST_is_not_supported() {
- Request request = new TestRequest().setMethod("POST").setPath("api/ping");
+ public void fail_if_method_POST_is_not_allowed() {
+ Request request = new TestRequest().setMethod("POST").setPath("api/foo");
- DumbResponse response = run(request, newPingWs(a -> {
- }));
+ DumbResponse response = run(request, newWs("api/foo", a -> a.setPost(false)));
- assertThat(response.stream().outputAsString()).isEqualTo("pong");
- assertThat(response.status()).isEqualTo(200);
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method GET is required\"}]}");
+ assertThat(response.status()).isEqualTo(405);
}
- @Test
- public void method_PUT_is_not_allowed() {
- Request request = new TestRequest().setMethod("PUT").setPath("/api/ping");
-
- DumbResponse response = run(request, newPingWs(a -> {
- }));
-
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method PUT is not allowed\"}]}");
- assertThat(response.status()).isEqualTo(405);
+ @DataProvider
+ public static String[] verbs() {
+ return new String[]{
+ "PUT", "DELETE", "HEAD", "PATCH", "CONNECT", "OPTIONS", "TRACE"
+ };
}
@Test
- public void method_DELETE_is_not_allowed() {
- Request request = new TestRequest().setMethod("DELETE").setPath("api/ping");
+ @UseDataProvider("verbs")
+ public void method_is_not_allowed(String verb) {
+ Request request = new TestRequest().setMethod(verb).setPath("/api/ping");
DumbResponse response = run(request, newPingWs(a -> {
}));
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method DELETE is not allowed\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method " + verb + " is not allowed\"}]}");
assertThat(response.status()).isEqualTo(405);
}
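Review bot: `verbs()` lists only well-known HTTP methods, so the fail-closed `default` branch in RequestVerifier is never exercised with a token that is not a standard verb or with a differently-cased one. Adding one constructed value of each kind, e.g. `"PUT", "DELETE", "HEAD", "PATCH", "CONNECT", "OPTIONS", "TRACE", "FOO", "get"`, would pin that behaviour; first confirm what `request.method()` returns for a lowercase verb, since the string switch is case-sensitive. The happy path (a POST to an action declared with `setPost(true)` returning 200) is not visible in this hunk; if it is not covered elsewhere, it belongs next to `fail_if_method_POST_is_not_allowed`.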
@@ -315,7 +311,7 @@ public class WebServiceEngineTest {
})));
assertThat(response.stream().outputAsString()).isEqualTo(
- "{\"scope\":\"PROJECT\",\"errors\":[{\"msg\":\"Bad request !\"}]}");
+ "{\"scope\":\"PROJECT\",\"errors\":[{\"msg\":\"Bad request !\"}]}");
assertThat(response.status()).isEqualTo(400);
assertThat(response.mediaType()).isEqualTo(MediaTypes.JSON);
assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty();
@@ -394,7 +390,7 @@ public class WebServiceEngineTest {
public void fail_when_start_in_not_called() {
Request request = new TestRequest().setPath("/api/ping");
DumbResponse response = new DumbResponse();
- WebServiceEngine underTest = new WebServiceEngine(new WebService[] {newPingWs(a -> {
+ WebServiceEngine underTest = new WebServiceEngine(new WebService[]{newPingWs(a -> {
})});
underTest.execute(request, response);