Skip to content

Commit

Permalink
SONARJAVA-4865 Fix issue when path is named regex (#4728)
Browse files Browse the repository at this point in the history
  • Loading branch information
@irina-batinic-sonarsource
irina-batinic-sonarsource authored Mar 21, 2024
1 parent 8a4de4d commit 5592a80
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 1 deletion.
2 changes: 1 addition & 1 deletion its/autoscan/src/test/resources/autoscan/diffs/diff_S6856.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"ruleKey": "S6856",
"hasTruePositives": false,
"falseNegatives": 22,
"falseNegatives": 23,
"falsePositives": 0
}
14 changes: 14 additions & 0 deletions ...s-test-sources/default/src/main/java/checks/MissingPathVariableAnnotationCheckSample.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,20 @@
import org.springframework.web.bind.annotation.PutMapping;

public class MissingPathVariableAnnotationCheckSample {

@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}") // Noncompliant
public void handleWithoutExt(@PathVariable String name, @PathVariable String version) {}

@GetMapping("/something/{id:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}}") // Compliant
public String getObj(@PathVariable("id") String id){
return "";
}

@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}") // Compliant
public void handle(@PathVariable String name, @PathVariable String version, @PathVariable String ext) {}



@GetMapping("/{id}") // Noncompliant [[sc=3;ec=23]] {{Bind path variable "id" to a method parameter.}}
public String get(String id) {
return "Hello World";
Expand Down
13 changes: 13 additions & 0 deletions java-checks/src/main/java/org/sonar/java/checks/MissingPathVariableAnnotationCheck.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.MatchResult;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
Expand All @@ -45,6 +46,9 @@ public class MissingPathVariableAnnotationCheck extends IssuableSubscriptionVisi
private static final String MODEL_ATTRIBUTE_ANNOTATION = "org.springframework.web.bind.annotation.ModelAttribute";
private static final Pattern EXTRACT_PATH_VARIABLE = Pattern.compile("([^:}/]*)(:.*)?}.*");
private static final Predicate<String> CONTAINS_PLACEHOLDER = Pattern.compile("\\$\\{.*}").asPredicate();
private static final Predicate<String> PATH_ARG_REGEX = Pattern.compile("\\{([^{}:]+:.*)}").asPredicate();
private static final Pattern PATH_REGEX = Pattern.compile("\\{([^{}]+)}");

private static final List<String> MAPPING_ANNOTATIONS = List.of(
"org.springframework.web.bind.annotation.GetMapping",
"org.springframework.web.bind.annotation.PostMapping",
Expand Down Expand Up @@ -131,6 +135,15 @@ private static Set<String> extractPathVariables(String path) {
return new HashSet<>();
}

if (PATH_ARG_REGEX.test(path)) {
return PATH_REGEX.matcher(path).results()
.map(MatchResult::group)
.map(s -> s.substring(1))
.filter(s -> s.contains(":"))
.map(s -> s.split(":")[0])
.collect(Collectors.toSet());
}

return Stream.of(path.split("\\{"))
.map(EXTRACT_PATH_VARIABLE::matcher)
.filter(Matcher::matches)
Expand Down

0 comments on commit 5592a80

Please sign in to comment.