diff options
author | Zipeng WU <zipeng.wu@sonarsource.com> | 2021-07-01 15:24:24 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2021-07-01 20:03:19 +0000 |
commit | 79ecdf7bef85c00ae5b9271ef8d7338306d72881 (patch) | |
tree | 35e2d8b6c08848c9e666cdb708b6401724605723 /sonar-plugin-api-impl | |
parent | a14676204f59098a9e8983da4ecc21bbaf81ac14 (diff) | |
download | sonarqube-79ecdf7bef85c00ae5b9271ef8d7338306d72881.tar.gz sonarqube-79ecdf7bef85c00ae5b9271ef8d7338306d72881.zip |
SONAR-13513 Request parameter should not allow NUL character
Diffstat (limited to 'sonar-plugin-api-impl')
-rw-r--r-- | sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java index 033b95f8fb7..cc83b0cf58b 100644 --- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java +++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/impl/ws/ValidatingRequest.java @@ -153,7 +153,11 @@ public abstract class ValidatingRequest extends Request { private String readParam(String key, @Nullable WebService.Param definition) { checkArgument(definition != null, "BUG - parameter '%s' is undefined for action '%s'", key, action.key()); String deprecatedKey = definition.deprecatedKey(); - return deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key); + String param = deprecatedKey != null ? defaultString(readParam(deprecatedKey), readParam(key)) : readParam(key); + if (param != null && param.contains("\0")) { + throw new IllegalArgumentException("Request parameters are not allowed to contain NUL character"); + } + return param; } private List<String> readMultiParamOrDefaultValue(String key, @Nullable WebService.Param definition) { |