diff --git a/src/main/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandler.kt b/src/main/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandler.kt
index dd28966958..158c66bfb8 100644
--- a/src/main/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandler.kt
+++ b/src/main/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandler.kt
@@ -34,8 +34,11 @@ import org.sonarlint.intellij.core.SecurityHotspotMatcher
 import org.sonarlint.intellij.editor.EditorDecorator
 import org.sonarlint.intellij.issue.Location
 import org.sonarlint.intellij.telemetry.SonarLintTelemetry
+import org.sonarlint.intellij.util.GlobalLogOutput
+import org.sonarsource.sonarlint.core.commons.log.ClientLogOutput
 import org.sonarsource.sonarlint.core.serverapi.hotspot.GetSecurityHotspotRequestParams
 import org.sonarsource.sonarlint.core.serverapi.hotspot.ServerHotspot
+import java.net.URL
 const val NOTIFICATION_TITLE = "Error opening security hotspot"
@@ -50,6 +53,12 @@ open class SecurityHotspotShowRequestHandler(
 ) {
 open fun open(projectKey: String, hotspotKey: String, serverUrl: String) {
+ try {
+ URL(serverUrl)
+ } catch (e: Exception) {
+ GlobalLogOutput.get().log("Invalid open hotspot request received, ignoring it", ClientLogOutput.Level.INFO)
+ return
+ }
 telemetry.showHotspotRequestReceived()
 doOpen(projectKey, hotspotKey, serverUrl)
 }
diff --git a/src/main/java/org/sonarlint/intellij/ui/ModalPresenter.kt b/src/main/java/org/sonarlint/intellij/ui/ModalPresenter.kt
index 91539d298b..0475d7dc0c 100644
--- a/src/main/java/org/sonarlint/intellij/ui/ModalPresenter.kt
+++ b/src/main/java/org/sonarlint/intellij/ui/ModalPresenter.kt
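Review bot: In `SecurityHotspotShowRequestHandler.open`, the bare `URL(serverUrl)` call only proves that the string parses; `java.net.URL` accepts any scheme the JVM has a handler for (`file:`, `jar:`, `ftp:` as well as `http:`), so a syntactically valid non-web URL still reaches `doOpen`. If the intent is that only SonarQube server addresses are accepted, tighten the check inside the existing try, for example `require(URL(serverUrl).protocol in setOf("http", "https"))`, which the surrounding `catch (e: Exception)` already turns into the log-and-return path. Keeping the rejected value out of the log message, as the new code does, is the right call since it comes from the request. No test for the rejected case is visible in this diff; the test-file hunk only changes `CONNECTED_URL`, presumably so the existing cases pass the new check.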
@@ -20,11 +20,12 @@ package org.sonarlint.intellij.ui
 import com.intellij.openapi.ui.Messages
+import org.apache.commons.lang.StringEscapeUtils
 open class ModalPresenter {
 open fun showConfirmModal(title: String, message: String, confirmText: String): Boolean {
- return Messages.showYesNoDialog(null, message, title, confirmText, "Cancel", Messages.getWarningIcon()) == Messages.OK
+ return Messages.showYesNoDialog(null, StringEscapeUtils.escapeHtml(message), title, confirmText, "Cancel", Messages.getWarningIcon()) == Messages.OK
 }
 }
diff --git a/src/test/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandlerTest.kt b/src/test/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandlerTest.kt
index 7a3fa297be..241fdad989 100644
--- a/src/test/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandlerTest.kt
+++ b/src/test/java/org/sonarlint/intellij/issue/hotspot/SecurityHotspotShowRequestHandlerTest.kt
@@ -47,7 +47,7 @@ import org.sonarsource.sonarlint.core.serverapi.hotspot.ServerHotspot
 import java.util.Optional
 const val FILE_PATH = "com/sonarsource/sample/MyFile.java"
-const val CONNECTED_URL = "serverUrl"
+const val CONNECTED_URL = "http://server.url"
 const val PROJECT_KEY = "projectKey"
 const val HOTSPOT_KEY = "hotspotKey"
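Review bot: `ModalPresenter.showConfirmModal` now HTML-escapes `message` but passes `title` and `confirmText` to `Messages.showYesNoDialog` unchanged, and nothing on the method states which arguments are treated as plain text. If callers can place request-derived text in either of those arguments (not visible in this hunk), they need the same treatment; either way a KDoc such as `/** Shows a yes/no dialog; [message] is treated as plain text and HTML-escaped before display. */` would make the contract explicit for future callers. commons-lang's `escapeHtml` also rewrites `&`, quotes and non-ASCII characters as entities, so it is worth confirming that a message without markup does not show literal `&amp;` or `&quot;` in the dialog.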