author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2017-01-06 10:14:12 +0100 |
---|---|---|
committer | Julien Lancelot <julien.lancelot@sonarsource.com> | 2017-01-10 09:56:55 +0100 |
commit | 0ccb32a9abd19736ecca3c5a60400e918665bfa9 (patch) | |
tree | e5962faf55cb940271bb49bc8de38969ed6dee14 /server | |
parent | 2334d16fbf819fb900bb545458ad879ad93236c2 (diff) | |
SONAR-7300 Fail when WS request is PUT or DELETE
Diffstat (limited to 'server')
-rw-r--r-- | server/sonar-server/src/main/java/org/sonar/server/ws/RequestVerifier.java | 16 | ||||
-rw-r--r-- | server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java | 18 |
2 files changed, 30 insertions, 4 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ws/RequestVerifier.java b/server/sonar-server/src/main/java/org/sonar/server/ws/RequestVerifier.java
index 5e86d884387..5a3fa8e1487 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ws/RequestVerifier.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ws/RequestVerifier.java
@@ -23,7 +23,7 @@ import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.server.exceptions.ServerException;
 
-import javax.servlet.http.HttpServletResponse;
+import static javax.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED;
 
 public class RequestVerifier {
 private RequestVerifier() {
@@ -31,9 +31,17 @@ public class RequestVerifier {
 }
 
 public static void verifyRequest(WebService.Action action, Request request) {
- // verify the HTTP verb
- if (action.isPost() && !"POST".equals(request.method())) {
- throw new ServerException(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "HTTP method POST is required");
+ switch (request.method()) {
+ case "GET":
+ if (action.isPost()) {
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method POST is required");
+ }
+ return;
+ case "PUT":
+ case "DELETE":
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method()));
+ default:
+ // Nothing to do
 }
 }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
index b1eaf0ecb82..675fb59c155 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
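Review bot: The `default:` branch of the new switch in verifyRequest lets every method other than GET, PUT and DELETE through, so an action with `isPost()` is no longer guarded against verbs such as HEAD or PATCH, which the removed `!"POST".equals(request.method())` check rejected. Whether those verbs can reach this code depends on the servlet layer, which is not visible here, but an allowlist keeps the check fail-closed: add `case "POST": return;` and make the default `throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method()));`. Switching on a String also throws NullPointerException if `request.method()` ever returns null, where the old `equals` call was null-safe.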
@@ -148,6 +148,24 @@ public class WebServiceEngineTest {
 }
 
 @Test
+ public void method_put_not_allowed() {
+ ValidatingRequest request = new TestRequest().setMethod("PUT").setPath("/api/system/ping");
+ DumbResponse response = new DumbResponse();
+ underTest.execute(request, response);
+
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method PUT is not allowed\"}]}");
+ }
+
+ @Test
+ public void method_delete_not_allowed() {
+ ValidatingRequest request = new TestRequest().setMethod("DELETE").setPath("/api/system/ping");
+ DumbResponse response = new DumbResponse();
+ underTest.execute(request, response);
+
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method DELETE is not allowed\"}]}");
+ }
+
+ @Test
 public void method_post_required() {
 ValidatingRequest request = new TestRequest().setMethod("POST").setPath("/api/system/ping");
 DumbResponse response = new DumbResponse(); |
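Review bot: Both new tests assert only the JSON error body, so they would still pass if the engine returned that message with a status other than 405. An assertion on the response status would pin the behaviour the commit is after, assuming DumbResponse exposes it. There is also no case for a verb that falls into the `default:` branch of RequestVerifier (HEAD, for instance) sent to a POST-only action, which is the path most likely to regress unnoticed. method_post_required at the end of the hunk continues outside it.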