Fix sonar issues

iam-login-service/src/main/java/it/infn/mw/iam/api/common/LabelDTO.java

@@ -16,13 +16,14 @@
 package it.infn.mw.iam.api.common;
 
 import javax.annotation.Generated;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 
-import javax.validation.constraints.NotBlank;
-
 import com.fasterxml.jackson.annotation.JsonInclude;
 
+import it.infn.mw.iam.api.common.validator.NoNewLineOrCarriageReturn;
+
 @JsonInclude(JsonInclude.Include.NON_EMPTY)
 public class LabelDTO {
 
@@ -43,6 +44,7 @@ public class LabelDTO {
   private String name;
 
   @Size(max = 64, message = "invalid value length")
+  @NoNewLineOrCarriageReturn
   private String value;
 
   public LabelDTO() {}

iam-login-service/src/main/java/it/infn/mw/iam/api/common/validator/NoNewLineOrCarriageReturn.java

@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.api.common.validator;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Retention(RUNTIME)
+@Target({FIELD, METHOD})
+@Constraint(validatedBy = NoNewLineOrCarriageReturnValidator.class)
+public @interface NoNewLineOrCarriageReturn {
+
+  String message() default "The string must not contain any new line or carriage return";
+
+  Class<?>[] groups() default {};
+
+  Class<? extends Payload>[] payload() default {};
+
+}

iam-login-service/src/main/java/it/infn/mw/iam/api/common/validator/NoNewLineOrCarriageReturnValidator.java

@@ -0,0 +1,22 @@
+package it.infn.mw.iam.api.common.validator;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+public class NoNewLineOrCarriageReturnValidator implements ConstraintValidator<NoNewLineOrCarriageReturn, String> {
+
+  public NoNewLineOrCarriageReturnValidator() {
+    // Empty on purpose
+  }
+
+  @Override
+  public void initialize(NoNewLineOrCarriageReturn constraintAnnotation) {
+    // Empty on purpose
+  }
+
+  @Override
+  public boolean isValid(String value, ConstraintValidatorContext context) {
+    return value == null || !value.matches(".*(?:[ \r\n\t].*)+");
+  }
+
+}

iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/AccountUnlinkedEvent.java

@@ -15,6 +15,8 @@
  */
 package it.infn.mw.iam.audit.events.account;
 
+import static it.infn.mw.iam.audit.events.utils.EventUtils.sanitize;
+
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
 import it.infn.mw.iam.authn.ExternalAuthenticationRegistrationInfo.ExternalAuthenticationType;
@@ -34,8 +36,8 @@ public AccountUnlinkedEvent(Object source, IamAccount account,
       ExternalAuthenticationType accountType, String issuer, String subject, String message) {
     super(source, account, message);
     this.externalAuthenticationType = accountType;
-    this.issuer = issuer;
-    this.subject = subject;
+    this.issuer = sanitize(issuer);
+    this.subject = sanitize(subject);
   }
 
   public ExternalAuthenticationType getExternalAuthenticationType() {

iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/X509CertificateUnlinkedEvent.java

@@ -15,6 +15,8 @@
  */
 package it.infn.mw.iam.audit.events.account;
 
+import static it.infn.mw.iam.audit.events.utils.EventUtils.sanitize;
+
 import it.infn.mw.iam.persistence.model.IamAccount;
 
 public class X509CertificateUnlinkedEvent extends AccountEvent {
@@ -30,7 +32,7 @@ public class X509CertificateUnlinkedEvent extends AccountEvent {
   public X509CertificateUnlinkedEvent(Object source, IamAccount account, String message,
       String certificateSubject) {
     super(source, account, message);
-    this.certificateSubject = certificateSubject;
+    this.certificateSubject = sanitize(certificateSubject);
   }
 
   public String getCertificateSubject() {

iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/x509/X509CertificateUnlinkedEvent.java

@@ -15,6 +15,8 @@
  */
 package it.infn.mw.iam.audit.events.account.x509;
 
+import static it.infn.mw.iam.audit.events.utils.EventUtils.sanitize;
+
 import it.infn.mw.iam.audit.events.account.AccountEvent;
 import it.infn.mw.iam.persistence.model.IamAccount;
 
@@ -31,7 +33,7 @@ public class X509CertificateUnlinkedEvent extends AccountEvent {
   public X509CertificateUnlinkedEvent(Object source, IamAccount account, String message,
       String certificateSubject) {
     super(source, account, message);
-    this.certificateSubject = certificateSubject;
+    this.certificateSubject = sanitize(certificateSubject);
   }
 
   public String getCertificateSubject() {

iam-login-service/src/main/java/it/infn/mw/iam/audit/events/utils/EventUtils.java

@@ -0,0 +1,23 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.audit.events.utils;
+
+public class EventUtils {
+
+  public static String sanitize(String param) {
+    return param.replaceAll("[\n\r]", "_");
+  }
+}

iam-login-service/src/main/java/it/infn/mw/iam/core/user/DefaultIamAccountService.java

@@ -401,6 +401,7 @@ public IamAccount addLabel(IamAccount account, IamLabel label) {
 
   @Override
   public IamAccount deleteLabel(IamAccount account, IamLabel label) {
+
     boolean labelRemoved = account.getLabels().remove(label);
 
     if (labelRemoved) {

iam-login-service/src/test/java/it/infn/mw/iam/test/api/TestSupport.java

@@ -43,7 +43,7 @@ public class TestSupport {
 
   public static final String TEST_001_GROUP_UUID = "c617d586-54e6-411d-8e38-649677980001";
   public static final String TEST_002_GROUP_UUID = "c617d586-54e6-411d-8e38-649677980002";
-  
+
   public static final String ADMIN_USER = "admin";
   public static final String ADMIN_USER_UUID = "73f16d93-2441-4a50-88ff-85360d78c6b5";
 
@@ -81,6 +81,8 @@ public class TestSupport {
   public static final ResultMatcher INVALID_NAME_ERROR_MESSAGE =
       jsonPath("$.error", containsString("invalid name (does not match"));
 
+  public static final ResultMatcher INVALID_VALUE_ERROR_MESSAGE = jsonPath("$.error",
+      containsString("Invalid label: The string must not contain any new line or carriage return"));
 
   public static final ResultMatcher NAME_TOO_LONG_ERROR_MESSAGE =
       jsonPath("$.error", containsString("invalid name length"));

iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/labels/AccountLabelsTests.java

@@ -330,7 +330,7 @@ public void multipleLabelsHandledCorrectly() throws Exception {
   public void labelValidationTests() throws Exception {
 
     final String[] SOME_INVALID_PREFIXES = {"aword", "-starts-with-dash.com", "ends-with-dash-.com",
-        "contains_underscore.org", "contains/slashes.org"};
+        "contains_underscore.org", "contains/slashes.org", "carriage\nreturn", "another\rreturn"};
 
     for (String p : SOME_INVALID_PREFIXES) {
       LabelDTO l = LabelDTO.builder().prefix(p).value(LABEL_VALUE).name(LABEL_NAME).build();
@@ -349,7 +349,8 @@ public void labelValidationTests() throws Exception {
       .andExpect(BAD_REQUEST)
       .andExpect(NAME_REQUIRED_ERROR_MESSAGE);
 
-    final String SOME_INVALID_NAMES[] = {"-pippo", "/ciccio/paglia", ".starts-with-dot"};
+    final String SOME_INVALID_NAMES[] =
+        {"-pippo", "/ciccio/paglia", ".starts-with-dot", "carriage\nreturn", "another\rreturn"};
 
     for (String in : SOME_INVALID_NAMES) {
       LabelDTO invalidNameLabel = LabelDTO.builder().prefix(LABEL_PREFIX).name(in).build();
@@ -360,6 +361,17 @@ public void labelValidationTests() throws Exception {
         .andExpect(INVALID_NAME_ERROR_MESSAGE);
     }
 
+    final String SOME_INVALID_VALUES[] = {"carriage\nreturn", "another\rreturn"};
+
+    for (String v : SOME_INVALID_VALUES) {
+      LabelDTO invalidNameLabel = LabelDTO.builder().prefix(LABEL_PREFIX).name(LABEL_NAME).value(v).build();
+      mvc
+        .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
+          .content(mapper.writeValueAsString(invalidNameLabel)))
+        .andExpect(BAD_REQUEST)
+        .andExpect(INVALID_VALUE_ERROR_MESSAGE);
+    }
+
     LabelDTO longNameLabel =
         LabelDTO.builder().prefix(LABEL_PREFIX).name(randomAlphabetic(65)).build();