Sanitize URLs in file fields to handle invalid pipe characters ('|') C…

…loses JabRef#11876. - Introduced URLUtil.createUri() and URLUtil.create() to handle URL sanitization. - Replaced direct calls to URI.create() and URI.create().toURL() with the new utility methods. - URLs containing the pipe character ('|') are now properly encoded as '%7C' to prevent parsing errors. - Added test cases to URLUtilTest to verify correct sanitization and URL creation. - Added @archtest to ensure that the URI.create() method is not directly called in the codebase.
hitalo-siriano · Nov 16, 2024 · 0f1ea59 · 0f1ea59
1 parent 63f9562
commit 0f1ea59
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/src/main/java/module-info.java b/src/main/java/module-info.java
@@ -189,5 +189,6 @@
     requires mslinks;
     requires org.antlr.antlr4.runtime;
     requires org.libreoffice.uno;
+    requires org.apache.httpcomponents.client5.httpclient5;
     // endregion
 }
diff --git a/src/main/java/org/jabref/gui/fieldeditors/URLUtil.java b/src/main/java/org/jabref/gui/fieldeditors/URLUtil.java
@@ -143,13 +143,34 @@ public static Optional<String> getSuffix(final String link, ExternalApplications
             return Optional.ofNullable(suffix);
         }
     }
+    /**
+     * Creates a {@link URL} object from the given string URL.
+     *
+     * @param url the URL string to be converted into a {@link URL}.
+     * @return the {@link URL} object created from the string URL.
+     * @throws MalformedURLException if the URL is malformed and cannot be converted to a {@link URL}.
+     */
 
     public static URL create(String url) throws MalformedURLException {
         return URLUtil.createUri(url).toURL();
     }
 
+    /**
+     * Creates a {@link URI} object from the given string URL.
+     *
+     * This method attempts to convert the given URL string into a {@link URI} object.
+     * The pipe character ('|') is replaced with its percent-encoded equivalent ("%7C") because the pipe character
+     * is not a valid character in certain parts of a URI (specifically, in the path or query components).
+     * According to the URI specification (RFC 3986), certain characters must be percent-encoded when used in specific contexts.
+     *
+     * @param url the URL string to be converted into a {@link URI}.
+     * @return the {@link URI} object created from the string URL.
+     * @throws IllegalArgumentException if the string URL is not a valid URI or if the URI format is incorrect.
+     * @throws URISyntaxException if the string URL has an invalid syntax and cannot be converted into a {@link URI}.
+     */
     public static URI createUri(String url) {
         try {
+            // Replace '|' character with its percent-encoded representation '%7C'.
             String urlFormat = url.replace("|", "%7C");
             return new URI(urlFormat);
         } catch (URISyntaxException e) {

diff --git a/src/test/java/org/jabref/architecture/MainArchitectureTest.java b/src/test/java/org/jabref/architecture/MainArchitectureTest.java
@@ -150,4 +150,13 @@ public void restrictStandardStreams(JavaClasses classes) {
                    .because("logging framework should be used instead or the class be marked explicitly as @AllowedToUseStandardStreams")
                    .check(classes);
     }
+
+    @ArchTest
+    public void shouldNotCallUriCreateMethod(JavaClasses classes) {
+       noClasses()
+               .that()
+               .resideInAPackage("org.jabref..")
+               .should().callMethod(java.net.URI.class, "create", java.lang.String.class)
+               .check(classes);
+    }
 }