Escape HTML in the messages and code snippets (#19)

* Escape HTML in the messages and code snippets * Add a 20.10 report to increase test coverage
jenkinsci · Sep 26, 2024 · be7377d · be7377d
1 parent a161f06
commit be7377d
Show file tree

Hide file tree

Showing 4 changed files with 2,233 additions and 25 deletions.
diff --git a/src/main/java/com/absint/astree/AstreeReportParser.java b/src/main/java/com/absint/astree/AstreeReportParser.java
@@ -70,16 +70,20 @@ public Report parse(final ReaderFactory readerFactory) throws ParsingException {
             String locationID = message.getLocationID();
 
             // build description out of code snippet
-            String description = "";
-            String code = parser.getCodeSnippets().get(locationID);
-            if (null != code && !code.isEmpty()) {
-                description += "<p>Code:<br><code>" + code.replaceAll(" ", "&nbsp;") + "</code></p>";
+            final StringBuilder description = new StringBuilder();
+            final String code = parser.getCodeSnippet(locationID);
+            if (code != null && !code.isEmpty()) {
+                description.append("<p>Code:</p><pre>");
+                description.append(code);
+                description.append("</pre>");
             }
 
             // build description out of context
-            String context = message.getContext(); 
-            if (null != context && !context.isEmpty()) {
-                description += "<p>Context:<br><code>" + context.replaceAll(" ", "&nbsp;") + "</code></p>";
+            final String context = message.getContext(); 
+            if (context != null && !context.isEmpty()) {
+                description.append("<p>Context:</p><pre>");
+                description.append(context);
+                description.append("</pre>");
             }
 
             // build category out of message type and category
@@ -126,7 +130,7 @@ public Report parse(final ReaderFactory readerFactory) throws ParsingException {
                 .setColumnStart(location.getColStart())
                 .setColumnEnd(location.getColEnd())
                 .setCategory(categoryBuilder.toString())
-                .setDescription(description)
+                .setDescription(description.toString())
                 .setSeverity(severity);
 
             // add issue to report

diff --git a/src/main/java/com/absint/astree/AstreeSimpleReportParser.java b/src/main/java/com/absint/astree/AstreeSimpleReportParser.java
@@ -1,19 +1,17 @@
 package com.absint.astree;
 
+import org.apache.commons.text.StringEscapeUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
 import edu.hm.hafner.analysis.ParsingException;
 
-import org.w3c.dom.Node;
-
 import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.ArrayList;
 
-
 /**
  * Parser which simply parses Astree XML reports into data structures whithout
  * interconnecting the elements
@@ -109,12 +107,12 @@ public String getFile(String id) {
     }
 
     /**
-     * get parsed code snippets
+     * get parsed code snippet
      *
-     * @return parsed files
+     * @return parsed code snippet
      */
-    public Map<String, String> getCodeSnippets() {
-        return m_codeSnippets;
+    public String getCodeSnippet(String locationId) {
+        return m_codeSnippets.get(locationId);
     }
 
     /**
@@ -146,7 +144,7 @@ private void parseMessages(Document doc, Message.MessageType type) {
         for (int i = 0; i < messages.getLength(); i++) {
             Element messageElement = (Element)messages.item(i);
             Message message = new Message();
- 
+
             // message text
             NodeList lines = messageElement.getElementsByTagName("textline");
             StringBuilder messageText = new StringBuilder();
@@ -155,9 +153,9 @@ private void parseMessages(Document doc, Message.MessageType type) {
                 if (0 < messageText.length()) {
                     messageText.append("<br>");
                 }
-                messageText.append(line.getTextContent());
+                messageText.append(StringEscapeUtils.escapeHtml4(line.getTextContent()));
             }
- 
+
             message.setLocationID(messageElement.getAttribute("location_id"))
                 .setTypeID(messageElement.getAttribute("type"))
                 .setType(type)
@@ -179,9 +177,9 @@ private void parseFindings(Document doc) {
                 final Element line = (Element) lines.item(y);
                 if (0 < stringBuilder.length())
                     stringBuilder.append("<br>");
-                stringBuilder.append(line.getTextContent());
+                stringBuilder.append(StringEscapeUtils.escapeHtml4(line.getTextContent()));
             }
- 
+
             message.setLocationID(element.getAttribute("location_id"))
                 .setTypeID(element.getAttribute("key"))
                 .setContext(element.getAttribute("context"))
@@ -262,9 +260,9 @@ private void parseCodeSnippets(Document doc) {
             for (int y = 0; y < lines.getLength(); y++) {
                 Element line = (Element)lines.item(y);
                 if (0 < code.length()) {
-                    code.append("<br>");
+                    code.append("\n");
                 }
-                code.append(line.getTextContent());
+                code.append(StringEscapeUtils.escapeHtml4(line.getTextContent()));
             }
 
             m_codeSnippets.put(snippet.getAttribute("location_id"), code.toString());