diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
index 5ecce37b5587..9674ecc92f34 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
@@ -83,6 +83,7 @@
 import org.sonar.server.view.index.ViewIndexDefinition;
 import static com.google.common.collect.Lists.newArrayList;
+import static java.lang.String.format;
 import static org.sonar.server.es.EsUtils.escapeSpecialRegexChars;
 import static org.sonarqube.ws.client.issue.IssueFilterParameters.ASSIGNEES;
 import static org.sonarqube.ws.client.issue.IssueFilterParameters.AUTHORS;
@@ -203,7 +204,7 @@ public IssueDoc getNullableByKey(String key) {
 public IssueDoc getByKey(String key) {
 IssueDoc value = getNullableByKey(key);
 if (value == null) {
- throw new NotFoundException(String.format("Issue with key '%s' does not exist", key));
+ throw new NotFoundException(format("Issue with key '%s' does not exist", key));
 }
 return value;
 }
@@ -331,7 +332,7 @@ private FilterBuilder createViewFilter(Collection viewUuids) {
 }
 public static String viewsLookupCacheKey(String viewUuid) {
- return String.format("%s%s%s", IssueIndexDefinition.TYPE_ISSUE, viewUuid, ViewIndexDefinition.TYPE_VIEW);
+ return format("%s%s%s", IssueIndexDefinition.TYPE_ISSUE, viewUuid, ViewIndexDefinition.TYPE_VIEW);
 }
 private static FilterBuilder createAuthorizationFilter(boolean checkAuthorization, @Nullable String userLogin, Set userGroups) {
@@ -632,16 +633,15 @@ public List listTags(IssueQuery query, @Nullable String textQuery, int m
 .size(maxNumberOfTags)
 .order(Terms.Order.term(true))
 .minDocCount(1L);
- if (textQuery != null) {
- issueTags.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
- }
 TermsBuilder ruleTags = AggregationBuilders.terms(tagsOnRulesSubAggregation)
 .field(RuleIndexDefinition.FIELD_RULE_ALL_TAGS)
 .size(maxNumberOfTags)
 .order(Terms.Order.term(true))
 .minDocCount(1L);
 if (textQuery != null) {
- ruleTags.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
+ String escapedTextQuery = escapeSpecialRegexChars(textQuery);
+ issueTags.include(format(SUBSTRING_MATCH_REGEXP, escapedTextQuery));
+ ruleTags.include(format(SUBSTRING_MATCH_REGEXP, escapedTextQuery));
 }
 SearchResponse searchResponse = requestBuilder.addAggregation(topAggreg.subAggregation(issueTags).subAggregation(ruleTags)).get();
@@ -681,7 +681,7 @@ private Terms listTermsMatching(String fieldName, IssueQuery query, @Nullable St
 .order(termsOrder)
 .minDocCount(1L);
 if (textQuery != null) {
- aggreg.include(String.format(SUBSTRING_MATCH_REGEXP, textQuery));
+ aggreg.include(format(SUBSTRING_MATCH_REGEXP, escapeSpecialRegexChars(textQuery)));
 }
 SearchResponse searchResponse = requestBuilder.addAggregation(aggreg).get();
@@ -716,7 +716,7 @@ public Iterator selectIssuesForBatch(ComponentDto component) {
 filter.must(FilterBuilders.termsFilter(IssueIndexDefinition.FIELD_ISSUE_COMPONENT_UUID, component.uuid()));
 break;
 default:
- throw new IllegalStateException(String.format("Component of scope '%s' is not allowed", component.scope()));
+ throw new IllegalStateException(format("Component of scope '%s' is not allowed", component.scope()));
 }
 SearchRequestBuilder requestBuilder = getClient()
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
index 5a6d8846cda8..e3b658f72ea6 100644
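Review bot: The escape-then-format step is now spelled out at three include() call sites (issueTags and ruleTags in the listTags hunk, aggreg in the listTermsMatching hunk), so every future use of SUBSTRING_MATCH_REGEXP depends on the caller remembering to escape user-supplied text. A small private helper such as `private static String substringMatchRegexp(String textQuery) { return format(SUBSTRING_MATCH_REGEXP, escapeSpecialRegexChars(textQuery)); }` would keep the pattern and its escaping in one place. escapeSpecialRegexChars is defined outside this diff, so it is worth confirming that the characters it escapes match the regexp flavour the Elasticsearch version in use applies to include(), and saying so in a short comment at the call. Both listTags and listTermsMatching start and end outside their hunks.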
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java
@@ -244,6 +244,7 @@ public void list_tags() {
 assertThat(service.listTags("sys", 5)).containsOnly("systag1", "systag2");
 assertThat(service.listTags(null, 1)).containsOnly("bug");
 assertThat(service.listTags(null, Integer.MAX_VALUE)).containsOnly("convention", "java8", "bug", "systag1", "systag2", "tag1", "tag2");
+ assertThat(service.listTags("invalidRegexp[", 5)).isEmpty();
 }
 @Test
@@ -302,7 +303,7 @@ private IssueQuery projectQuery(String projectUuid) {
 }
 @Test
- public void list_authors() {
+ public void test_listAuthors() {
 RuleDto rule = newRule();
 ComponentDto project = newProject();
 ComponentDto file = newFile(project);
@@ -318,6 +319,16 @@ public void list_authors() {
 assertThat(service.listAuthors(null, Integer.MAX_VALUE)).containsExactly("anakin@skywalker.name", "luke.skywalker", "luke@skywalker.name");
 }
+ @Test
+ public void listAuthors_escapes_regexp_special_characters() {
+ saveIssue(IssueTesting.newDto(newRule(), newFile(newProject()), newProject()).setAuthorLogin("name++"));
+
+ assertThat(service.listAuthors("invalidRegexp[", 5)).isEmpty();
+ assertThat(service.listAuthors("nam+", 5)).isEmpty();
+ assertThat(service.listAuthors("name+", 5)).containsExactly("name++");
+ assertThat(service.listAuthors(".*", 5)).isEmpty();
+ }
+
 private RuleDto newRule() {
 return newRule(RuleTesting.newXooX1());
 }
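Review bot: The assertion added to list_tags only exercises input that is malformed as a regexp (`invalidRegexp[`), so it mainly shows that the request no longer fails on a bad pattern. It does not pin the case where the input is valid regexp syntax and would match every tag if it were passed through unescaped. Adding `assertThat(service.listTags(".*", 5)).isEmpty();` beside it, as the new listAuthors test does for authors, would cover the listTags path as well. list_tags begins outside the hunk.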
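Review bot: In listAuthors_escapes_regexp_special_characters the fixture calls newProject() twice, in `IssueTesting.newDto(newRule(), newFile(newProject()), newProject())`, so the file's parent project and the issue's project are presumably two different components (newProject is defined outside this diff). test_listAuthors creates one project and derives the file from it; doing the same here with `ComponentDto project = newProject();` and `IssueTesting.newDto(newRule(), newFile(project), project)` keeps the indexed issue consistent. A short comment on why `name+` is expected to match `name++` while `nam+` matches nothing (literal substring, not a quantifier) would also help the next reader.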