SONAR-11225 NPE when using RelativePathPredicate with a path starting by ..

author: Duarte Meneses <duarte.meneses@sonarsource.com> 2019-01-10 15:54:51 +0100
committer: SonarTech <sonartech@sonarsource.com> 2019-01-10 20:21:03 +0100
commit: 355a3b65066e968e3669a97892df81ef15770a55 (patch)
tree: dd54d1d2adc31321e31cd44da83d7e3ec2d3626b /sonar-plugin-api/src/test/java
parent: a71d799bc56dfa834aaadf8a0b13b88496ac0585 (diff)
download: sonarqube-355a3b65066e968e3669a97892df81ef15770a55.tar.gz
sonarqube-355a3b65066e968e3669a97892df81ef15770a55.zip
3 files changed, 65 insertions, 7 deletions
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/OrPredicateTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/OrPredicateTest.java
index aa90503553d..2592bee85ab 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/OrPredicateTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/OrPredicateTest.java
@@ -33,14 +33,14 @@ public class OrPredicateTest {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
     PathPatternPredicate pathPatternPredicate3 = new PathPatternPredicate(PathPattern.create("foo3/**"));
-    FilePredicate orPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
-      OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate2, pathPatternPredicate3))));
+    FilePredicate orPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
+      OrPredicate.create(Arrays.asList(pathPatternPredicate2, pathPatternPredicate3))));
     assertThat(((OrPredicate) orPredicate).predicates()).containsExactly(pathPatternPredicate1, pathPatternPredicate2, pathPatternPredicate3);
   }
 
   @Test
   public void simplifyOrExpressionsWhenEmpty() {
-    FilePredicate orPredicate = OrPredicate.create(Arrays.<FilePredicate>asList());
+    FilePredicate orPredicate = OrPredicate.create(Arrays.asList());
     assertThat(orPredicate).isEqualTo(TruePredicate.TRUE);
   }
 
@@ -48,7 +48,7 @@ public class OrPredicateTest {
   public void simplifyOrExpressionsWhenFalse() {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
-    FilePredicate andPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
+    FilePredicate andPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
       FalsePredicate.FALSE, pathPatternPredicate2));
     assertThat(((OrPredicate) andPredicate).predicates()).containsExactly(pathPatternPredicate1, pathPatternPredicate2);
   }
@@ -57,7 +57,7 @@ public class OrPredicateTest {
   public void simplifyAndExpressionsWhenTrue() {
     PathPatternPredicate pathPatternPredicate1 = new PathPatternPredicate(PathPattern.create("foo1/**"));
     PathPatternPredicate pathPatternPredicate2 = new PathPatternPredicate(PathPattern.create("foo2/**"));
-    FilePredicate andPredicate = OrPredicate.create(Arrays.<FilePredicate>asList(pathPatternPredicate1,
+    FilePredicate andPredicate = OrPredicate.create(Arrays.asList(pathPatternPredicate1,
       TruePredicate.TRUE, pathPatternPredicate2));
     assertThat(andPredicate).isEqualTo(TruePredicate.TRUE);
   }
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java
new file mode 100644
index 00000000000..50bcba8f2da
--- /dev/null
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/batch/fs/internal/RelativePathPredicateTest.java
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.api.batch.fs.internal;
+
+import org.junit.Test;
+import org.sonar.api.batch.fs.InputFile;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class RelativePathPredicateTest {
+  @Test
+  public void returns_false_when_path_is_invalid() {
+    RelativePathPredicate predicate = new RelativePathPredicate("..");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path");
+    assertThat(predicate.apply(inputFile)).isFalse();
+  }
+
+  @Test
+  public void returns_true_if_matches() {
+    RelativePathPredicate predicate = new RelativePathPredicate("path");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path");
+    assertThat(predicate.apply(inputFile)).isTrue();
+  }
+
+  @Test
+  public void returns_false_if_doesnt_match() {
+    RelativePathPredicate predicate = new RelativePathPredicate("path1");
+    InputFile inputFile = mock(InputFile.class);
+    when(inputFile.relativePath()).thenReturn("path2");
+    assertThat(predicate.apply(inputFile)).isFalse();
+  }
+}
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/utils/PathUtilsTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/utils/PathUtilsTest.java
index fc0f7a0cb1c..80371dc5aa2 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/utils/PathUtilsTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/utils/PathUtilsTest.java
@@ -42,14 +42,19 @@ public class PathUtilsTest {
   public TemporaryFolder temp = new TemporaryFolder();
 
   @Test
-  public void testSanitize() throws Exception {
+  public void sanitize_succeeds() {
     assertThat(PathUtils.sanitize("foo/bar/..")).isEqualTo("foo/");
     assertThat(PathUtils.sanitize("C:\\foo\\..\\bar")).isEqualTo("C:/bar");
     assertThat(PathUtils.sanitize(null)).isNull();
   }
 
   @Test
-  public void test_canonicalPath() throws Exception {
+  public void sanitize_invalid_paths_returns_null() {
+    assertThat(PathUtils.sanitize("../foo")).isNull();
+  }
+
+  @Test
+  public void canonicalPath_succeeds() throws Exception {
     File file = temp.newFile();
     String path = PathUtils.canonicalPath(file);
     assertThat(path).isEqualTo(FilenameUtils.separatorsToUnix(file.getCanonicalPath()));
author	Duarte Meneses <duarte.meneses@sonarsource.com>	2019-01-10 15:54:51 +0100
committer	SonarTech <sonartech@sonarsource.com>	2019-01-10 20:21:03 +0100
commit	355a3b65066e968e3669a97892df81ef15770a55 (patch)
tree	dd54d1d2adc31321e31cd44da83d7e3ec2d3626b /sonar-plugin-api/src/test/java
parent	a71d799bc56dfa834aaadf8a0b13b88496ac0585 (diff)
download	sonarqube-355a3b65066e968e3669a97892df81ef15770a55.tar.gz sonarqube-355a3b65066e968e3669a97892df81ef15770a55.zip