From e7cc34d78914bac1348a1e18a5692c3fe92c8b7c Mon Sep 17 00:00:00 2001 From: Joel Schneider Date: Mon, 27 Jan 2025 10:06:21 -0600 Subject: [PATCH] use URI constructor instead of string concatenation, to avoid having static code analysis tool complain about "Concatenating user-controlled input into a URL" security issue --- src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java b/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java index 041a4fce64..7c48fdf059 100644 --- a/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java +++ b/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java @@ -41,6 +41,7 @@ import java.io.IOException; import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; @@ -315,10 +316,10 @@ private int activeSubscriptionCount() { @ParameterizedTest @ValueSource(strings = {"prometheus", "health", "metrics", "info"}) - void testActuatorEndpointExists(String endpoint) throws IOException { + void testActuatorEndpointExists(String endpoint) throws IOException, URISyntaxException { CloseableHttpClient httpclient = HttpClients.createDefault(); - CloseableHttpResponse response = httpclient.execute(new HttpGet("http://localhost:" + port + "/actuator/" + endpoint)); + CloseableHttpResponse response = httpclient.execute(new HttpGet(new URI("http", null, "localhost", port, "/actuator/" + endpoint, null, null))); int statusCode = response.getStatusLine().getStatusCode(); assertEquals(200, statusCode);