Address review feedback

Author: idodeclare

opengrok-indexer/src/main/java/org/opengrok/indexer/authorization/AuthorizationFramework.java

@@ -38,7 +38,7 @@
 import org.opengrok.indexer.configuration.RuntimeEnvironment;
 import org.opengrok.indexer.framework.PluginFramework;
 import org.opengrok.indexer.logger.LoggerFactory;
-import org.opengrok.indexer.web.LaunderUtil;
+import org.opengrok.indexer.web.Laundromat;
 import org.opengrok.indexer.web.Statistics;
 
 /**
@@ -486,7 +486,7 @@ private boolean checkAll(HttpServletRequest request, String cache, Nameable enti
 
         if (entity == null) {
             LOGGER.log(Level.WARNING, "entity was null for request with parameters: {}",
-                    LaunderUtil.logging(request.getParameterMap()));
+                    Laundromat.launderLog(request.getParameterMap()));
             return false;
         }
 

opengrok-indexer/src/main/java/org/opengrok/indexer/index/PendingFileCompleter.java

@@ -554,6 +554,7 @@ private void findFilelessChildren(SkeletonDirs skels, File directory) {
 
     /**
      * Counts segments arising from {@code File.separatorChar} or '\\'.
+     * @param path a defined instance
      * @return a natural number
      */
     private static int countPathSegments(String path) {

opengrok-indexer/src/main/java/org/opengrok/indexer/web/LaunderUtil.java renamed to opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java

@@ -25,37 +25,35 @@
 
 import java.util.HashMap;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 /**
  * Represents a container for sanitizing methods for avoiding classifications as
  * taint bugs.
  */
-public class LaunderUtil {
+public class Laundromat {
+
+    private static final String ESC_N_R_T_F = "[\\n\\r\\t\\f]";
+    private static final String ESG_N_R_T_F__1_n = ESC_N_R_T_F + "+";
 
     /**
      * Sanitize {@code value} where it will be used in subsequent OpenGrok
      * (non-logging) processing.
      * @return {@code null} if null or else {@code value} with "pattern-breaking
      * characters" (tabs, CR, LF, FF) replaced as underscores (one for one)
      */
-    public static String userInput(String value) {
-        if (value == null) {
-            return null;
-        }
-        return value.replaceAll("[\\n\\r\\t\\f]", "_");
+    public static String launderInput(String value) {
+        return replaceAll(value, ESC_N_R_T_F, "_");
     }
 
     /**
-     * Sanitize {@code query} where it will be used in a Lucene query.
-     * @return {@code null} if null or else {@code query} with "pattern-breaking
+     * Sanitize {@code value} where it will be used in a Lucene query.
+     * @return {@code null} if null or else {@code value} with "pattern-breaking
      * characters" (tabs, CR, LF, FF) replaced as spaces. Contiguous matches are
      * replaced with one space.
      */
-    public static String luceneQuery(String query) {
-        if (query == null) {
-            return null;
-        }
-        return query.replaceAll("[\\n\\r\\t\\f]+", " ");
+    public static String launderQuery(String value) {
+        return replaceAll(value, ESG_N_R_T_F__1_n, " ");
     }
 
     /**
@@ -64,7 +62,7 @@ public static String luceneQuery(String query) {
      * characters" tabs, CR, LF, and FF replaced as {@code "<TAB>"},
      * {@code "<CR>"}, {@code "<LF>"}, and {@code "<FF>"} resp.
      */
-    public static String logging(String value) {
+    public static String launderLog(String value) {
         if (value == null) {
             return null;
         }
@@ -77,39 +75,54 @@ public static String logging(String value) {
     /**
      * Sanitize {@code map} where it will be used in a log message only.
      * @return {@code null} if null or else {@code map} with keys and values
-     * sanitized with {@link #logging(String)}. If the sanitizing causes key
+     * sanitized with {@link #launderLog(String)}. If the sanitizing causes key
      * collisions, the colliding keys' values are combined.
      */
-    public static Map<String, String[]> logging(Map<String, String[]> map) {
+    public static Map<String, String[]> launderLog(Map<String, String[]> map) {
         if (map == null) {
             return null;
         }
 
         HashMap<String, String[]> safes = new HashMap<>();
-        for (Map.Entry<String, String[]> entry : map.entrySet()) {
-            String k = logging(entry.getKey());
-            String[] safeValues = safes.get(k);
+        for (Map.Entry<String, String[]> entry : map.entrySet().stream().sorted(
+                Map.Entry.comparingByKey()).collect(Collectors.toList())) {
+            String key = launderLog(entry.getKey());
+            String[] safeValues = safes.get(key);
             String[] fullySafe = mergeLogArrays(entry.getValue(), safeValues);
-            safes.put(k, fullySafe);
+            safes.put(key, fullySafe);
         }
         return safes;
     }
 
     private static String[] mergeLogArrays(String[] values, String[] safeValues) {
-        int n = values.length + (safeValues != null ? safeValues.length : 0);
+        if (values == null && safeValues == null) {
+            return null;
+        }
+
+        int n = (values != null ? values.length : 0) +
+                (safeValues != null ? safeValues.length : 0);
         String[] result = new String[n];
 
-        int i;
-        for (i = 0; i < values.length; ++i) {
-            result[i] = logging(values[i]);
+        int i = 0;
+        if (values != null) {
+            for (; i < values.length; ++i) {
+                result[i] = launderLog(values[i]);
+            }
         }
         if (safeValues != null) {
             System.arraycopy(safeValues, 0, result, i, safeValues.length);
         }
         return result;
     }
 
+    private static String replaceAll(String value, String regex, String replacement) {
+        if (value == null) {
+            return null;
+        }
+        return value.replaceAll(regex, replacement);
+    }
+
     /* private to enforce static */
-    private LaunderUtil() {
+    private Laundromat() {
     }
 }

opengrok-indexer/src/main/java/org/opengrok/indexer/web/PageConfig.java

@@ -618,12 +618,12 @@ public List<SortOrder> getSortOrder() {
     public QueryBuilder getQueryBuilder() {
         if (queryBuilder == null) {
             queryBuilder = new QueryBuilder().
-                    setFreetext(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.FULL)))
-                    .setDefs(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.DEFS)))
-                    .setRefs(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.REFS)))
-                    .setPath(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.PATH)))
-                    .setHist(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.HIST)))
-                    .setType(LaunderUtil.luceneQuery(req.getParameter(QueryBuilder.TYPE)));
+                    setFreetext(Laundromat.launderQuery(req.getParameter(QueryBuilder.FULL)))
+                    .setDefs(Laundromat.launderQuery(req.getParameter(QueryBuilder.DEFS)))
+                    .setRefs(Laundromat.launderQuery(req.getParameter(QueryBuilder.REFS)))
+                    .setPath(Laundromat.launderQuery(req.getParameter(QueryBuilder.PATH)))
+                    .setHist(Laundromat.launderQuery(req.getParameter(QueryBuilder.HIST)))
+                    .setType(Laundromat.launderQuery(req.getParameter(QueryBuilder.TYPE)));
         }
 
         return queryBuilder;
@@ -684,7 +684,8 @@ public String getDefineTagsIndex() {
      */
     public String getRequestedRevision() {
         if (rev == null) {
-            String tmp = LaunderUtil.userInput(req.getParameter(QueryParameters.REVISION_PARAM));
+            String tmp = Laundromat.launderInput(
+                    req.getParameter(QueryParameters.REVISION_PARAM));
             rev = (tmp != null && tmp.length() > 0) ? tmp : "";
         }
         return rev;
@@ -1101,7 +1102,8 @@ public Prefix getPrefix() {
      */
     public String getPath() {
         if (path == null) {
-            path = Util.getCanonicalPath(LaunderUtil.userInput(req.getPathInfo()), PATH_SEPARATOR);
+            path = Util.getCanonicalPath(Laundromat.launderInput(
+                    req.getPathInfo()), PATH_SEPARATOR);
             if (PATH_SEPARATOR_STRING.equals(path)) {
                 path = "";
             }

opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java

@@ -0,0 +1,96 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * See LICENSE.txt included in this distribution for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at LICENSE.txt.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2020, Chris Fraire <[email protected]>.
+ */
+
+package org.opengrok.indexer.web;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+public class LaundromatTest {
+
+    private static final String TEST_CONTENT = "\n\r\f\tContent\r\nConclusion\f\t";
+    private static final String TEST_CONTENT_LOG_LAUNDRY =
+            "<LF><CR><FF><TAB>Content<CR><LF>Conclusion<FF><TAB>";
+
+    @Test
+    public void launderInput() {
+        String laundry = Laundromat.launderInput(TEST_CONTENT);
+        assertEquals("____Content__Conclusion__", laundry);
+    }
+
+    @Test
+    public void launderQuery() {
+        String laundry = Laundromat.launderQuery(TEST_CONTENT);
+        assertEquals(" Content Conclusion ", laundry);
+    }
+
+    @Test
+    public void launderLog() {
+        String laundry = Laundromat.launderLog(TEST_CONTENT);
+        assertEquals(TEST_CONTENT_LOG_LAUNDRY, laundry);
+    }
+
+    @Test
+    public void launderLogMap() {
+        HashMap<String, String[]> testMap = new HashMap<>();
+        testMap.put("a", null);
+        testMap.put("b", new String[]{TEST_CONTENT});
+        testMap.put(TEST_CONTENT, new String[]{"c", "d"});
+        // for merging two non-null collisions
+        testMap.put("e\rf", new String[]{"c", "d"});
+        testMap.put("e<CR>f", new String[]{"g", "h"});
+        // for merging LHS null on collisions
+        testMap.put("\fi\n", null);
+        testMap.put("<FF>i\n", new String[]{"j"});
+        testMap.put("<FF>i<LF>", new String[]{"k"});
+        // for merging RHS null on collisions
+        testMap.put("l\t\r", null);
+        testMap.put("l<TAB>\r", null);
+        testMap.put("l\t<CR>", null);
+
+        Map<String, String[]> laundry = Laundromat.launderLog(testMap);
+
+        HashMap<String, String[]> expected = new HashMap<>();
+        expected.put("a", null);
+        expected.put("b", new String[]{TEST_CONTENT_LOG_LAUNDRY});
+        expected.put(TEST_CONTENT_LOG_LAUNDRY, new String[]{"c", "d"});
+        expected.put("e<CR>f", new String[]{"g", "h", "c", "d"});
+        expected.put("<FF>i<LF>", new String[]{"k", "j"});
+        expected.put("l<TAB><CR>", null);
+
+        assertEquals("maps″ should be equal", hashedValues(expected), hashedValues(laundry));
+    }
+
+    private Map<String, Integer> hashedValues(Map<String, String[]> map) {
+        HashMap<String, Integer> result = new HashMap<>();
+        for (Map.Entry<String, String[]> entry : map.entrySet()) {
+            result.put(entry.getKey(), Arrays.hashCode(entry.getValue()));
+        }
+        return result;
+    }
+}

opengrok-web/src/main/java/org/opengrok/web/AuthorizationFilter.java

@@ -37,7 +37,7 @@
 import org.opengrok.indexer.configuration.Project;
 import org.opengrok.indexer.logger.LoggerFactory;
 import org.opengrok.indexer.web.PageConfig;
-import org.opengrok.indexer.web.LaunderUtil;
+import org.opengrok.indexer.web.Laundromat;
 import org.opengrok.web.api.v1.RestApp;
 
 public class AuthorizationFilter implements Filter {
@@ -59,7 +59,7 @@ public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) thr
         if (httpReq.getServletPath().startsWith(RestApp.API_PATH)) {
             if (LOGGER.isLoggable(Level.FINER)) {
                 LOGGER.log(Level.FINER, "Allowing request to {0} in {1}",
-                        new Object[] {LaunderUtil.logging(httpReq.getServletPath()),
+                        new Object[] {Laundromat.launderLog(httpReq.getServletPath()),
                                 AuthorizationFilter.class.getName()});
             }
             fc.doFilter(sr, sr1);
@@ -74,11 +74,11 @@ public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) thr
             if (LOGGER.isLoggable(Level.INFO)) {
                 if (httpReq.getRemoteUser() != null) {
                     LOGGER.log(Level.INFO, "Access denied for user ''{0}'' for URI: {1}",
-                            new Object[] {LaunderUtil.logging(httpReq.getRemoteUser()),
-                                    LaunderUtil.logging(httpReq.getRequestURI())});
+                            new Object[] {Laundromat.launderLog(httpReq.getRemoteUser()),
+                                    Laundromat.launderLog(httpReq.getRequestURI())});
                 } else {
                     LOGGER.log(Level.INFO, "Access denied for URI: {0}",
-                            LaunderUtil.logging(httpReq.getRequestURI()));
+                            Laundromat.launderLog(httpReq.getRequestURI()));
                 }
             }