
Commit 16d1607

fixed: Polynomial regular expression used on uncontrolled data
1 parent c9b6e2c commit 16d1607


1 file changed

+15
-9
lines changed


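--- a/src/main/java/org/summerboot/jexpress/util/FormatterUtil.java
+++ b/src/main/java/org/summerboot/jexpress/util/FormatterUtil.java
@@ -80,7 +80,9 @@ public static String[] parseDsv(String dsv, String delimiter, boolean trim) {
 
 if (trim) {
 // Replace all consecutive spaces or delimiter characters with a single delimiter character
-dsv = dsv.trim().replaceAll("\\s*" + delimiter + "\\s*", delimiter);
+//String regex = "\\s*" + delimiter + "\\s*";
+String regex = "\\s*+" + delimiter + "\\s*+";
+dsv = dsv.trim().replaceAll(regex, delimiter);
 }
 // Use StringUtils.split, which does not use regular expressions
 return StringUtils.split(dsv, delimiter);
@@ -97,7 +99,9 @@ public static String[] parsePsv(String psv, boolean trim) {
 }
 if (trim) {
 // Replace all consecutive spaces or delimiter characters with a single delimiter character
-psv = psv.trim().replaceAll("[\\s|]+", "|");
+String regex = "[\\s|]+";
+//String regex = "\\s*+|\\s*+";
+psv = psv.trim().replaceAll(regex, "|");
 }
 // Use StringUtils.split, which does not use regular expressions
 return StringUtils.split(psv, '|');
@@ -108,14 +112,14 @@ public static String[] parseCsv(String csv) {
 }
 
 public static String[] parseCsv(String csv, boolean trim) {
-//return StringUtils.isBlank(csv) ? EMPTY_STR_ARRAY : csv.trim().split(REGEX_CSV);
 if (StringUtils.isBlank(csv)) {
 return EMPTY_STR_ARRAY;
 }
-//return StringUtils.isBlank(csv) ? EMPTY_STR_ARRAY : StringUtils.split(csv);
 if (trim) {
 // Replace all consecutive spaces or delimiter characters with a single delimiter character
-csv = csv.trim().replaceAll("\\s*,\\s*", ",");
+//String regex = "\\s*,\\s*";
+String regex = "\\s*+,\\s*+";
+csv = csv.trim().replaceAll(regex, ",");
 }
 // Use StringUtils.split, which does not use regular expressions
 return StringUtils.split(csv, ',');
@@ -126,13 +130,14 @@ public static String[] parseURL(String url) {
 }
 
 public static String[] parseURL(String url, boolean trim) {
-//return StringUtils.isBlank(url) ? EMPTY_STR_ARRAY : url.trim().split(REGEX_URL);
 if (StringUtils.isBlank(url)) {
 return EMPTY_STR_ARRAY;
 }
 if (trim) {
 // Replace all consecutive spaces or delimiter characters with a single delimiter character
-url = url.trim().replaceAll("\\s*/\\s*", "/");
+//String regex = "\\s*/\\s*";
+String regex = "\\s*+/\\s*+";
+url = url.trim().replaceAll(regex, "/");
 }
 return StringUtils.split(url, '/');
 }
@@ -295,9 +300,10 @@ public static Map<String, String> parseMap(String mapCVS, boolean trim) {
 Map<String, String> ret = new HashMap<>();
 String[] mapKeyValues = parseCsv(mapCVS, true);
 for (String mapKeyValue : mapKeyValues) {
-//String[] ap = mapKeyValue.trim().split(REGEX_BINDING_MAP);
 if (trim) {
-mapKeyValue = mapKeyValue.trim().replaceAll("\\s*:\\s*", ":");
+//String regex = "\\s*:\\s*";
+String regex = "\\s*+:\\s*+";
+mapKeyValue = mapKeyValue.trim().replaceAll(regex, ":");
 }
 String[] ap = StringUtils.split(mapKeyValue, ':');
 ret.put(ap[0], ap[1]);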
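Review bot: The possessive `\\s*+` added in parseDsv, parseCsv, parseURL and parseMap most likely leaves the quadratic cost in place, because each pattern still begins with an unbounded whitespace quantifier. `replaceAll` retries the match at every start position inside a whitespace run that is not followed by the delimiter, and possessiveness only removes the backtracking within one attempt, not the repeated scans. Splitting first and trimming each token removes the regex from the path altogether, as sketched below for parseCsv, whose body ends outside the hunk. Token-level `trim()` strips slightly more than `\\s`, so that difference should be checked against callers. Separately, parseDsv concatenates `delimiter` into the pattern and passes it as the replacement unquoted, so if the regex stays it should use `Pattern.quote(delimiter)` and `Matcher.quoteReplacement(delimiter)`.

```java
public static String[] parseCsv(String csv, boolean trim) {
    // … unchanged: isBlank guard returning EMPTY_STR_ARRAY …
    String[] tokens = StringUtils.split(csv, ',');
    if (trim) {
        // Linear-time: strip each token after the split instead of running a regex with a leading \s*
        int kept = 0;
        for (String token : tokens) {
            String stripped = token.trim();
            // Drop tokens that were whitespace only, as the regex + split combination did
            if (!stripped.isEmpty()) {
                tokens[kept++] = stripped;
            }
        }
        tokens = java.util.Arrays.copyOf(tokens, kept);
    }
    return tokens;
```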
