Commit 92fcc81

committed

prevent polynomial regular expression used on uncontrolled data security issue

1 parent 547c36e commit 92fcc81Copy full SHA for 92fcc81

File tree

2 files changed

-16

lines changed

modules/swagger-codegen/src
- main/java/io/swagger/codegen
  - DefaultCodegen.java
- test/java/io/swagger/codegen
  - CodegenTest.java

2 files changed

-16

lines changed

`‎modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultCodegen.java‎`

Lines changed: 8 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -3212,28 +3212,20 @@ protected void addParentContainer(CodegenModel m, String name, Property property`
`3212`	`3212`
`3213`	`3213`	`/**`
`3214`	`3214`	`* Underscore the given word.`
`3215`		`- * Copied from Twitter elephant bird`
`3216`		`- * https://github.com/twitter/elephant-bird/blob/master/core/src/main/java/com/twitter/elephantbird/util/Strings.java`
`3217`	`3215`	`*`
`3218`	`3216`	`* @param word The word`
`3219`	`3217`	`* @return The underscored version of the word`
`3220`	`3218`	`*/`
`3221`	`3219`	`public static String underscore(String word) {`
`3222`		`- String firstPattern = "([A-Z]+)([A-Z][a-z][a-z]+)";`
`3223`		`- String secondPattern = "([a-z\\d])([A-Z])";`
	`3220`	`+ Pattern firstPattern = Pattern.compile("(?<=[A-Z])(?=[A-Z][a-z]{2,})");`
	`3221`	`+ Pattern secondPattern = Pattern.compile("(?<=[a-z\\d])(?=[A-Z])");`
`3224`	`3222`	`String replacementPattern = "1ドル_2ドル";`
`3225`		`- // Replace package separator with slash.`
`3226`		`- word = word.replaceAll("\\.", "/"); // FIXME: a parameter should not be assigned. Also declare the methods parameters as 'final'.`
`3227`		`- // Replace $ with two underscores for inner classes.`
`3228`		`- word = word.replaceAll("\\$", "__");`
`3229`		`- // Replace capital letter with _ plus lowercase letter.`
`3230`		`- word = word.replaceAll(firstPattern, replacementPattern);`
`3231`		`- word = word.replaceAll(secondPattern, replacementPattern);`
`3232`		`- word = word.replace('-', '_');`
`3233`		`- // replace space with underscore`
`3234`		`- word = word.replace(' ', '_');`
`3235`		`- word = word.toLowerCase();`
`3236`		`- return word;`
	`3223`	`+`
	`3224`	`+ String replaced = word.replace('.', '/').replace("$", "__");`
	`3225`	`+ replaced = firstPattern.matcher(replaced).replaceAll("_");`
	`3226`	`+ replaced = secondPattern.matcher(replaced).replaceAll("_");`
	`3227`	`+ replaced = replaced.replace('-', '_').replace(' ', '_').toLowerCase();`
	`3228`	`+ return replaced;`
`3237`	`3229`	`}`
`3238`	`3230`
`3239`	`3231`	`/**`

`‎modules/swagger-codegen/src/test/java/io/swagger/codegen/CodegenTest.java‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ public void underscoreNamesTest() {`
`51`	`51`
`52`	`52`	`Assert.assertEquals(codegen.underscore("FooBar"), "foo_bar");`
`53`	`53`	`Assert.assertEquals(codegen.underscore("FooBarBaz"), "foo_bar_baz");`
	`54`	`+ Assert.assertEquals(codegen.underscore("HTTPServer"), "http_server");`
`54`	`55`	`}`
`55`	`56`
`56`	`57`	`@Test(description = "test camelize")`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 92fcc81

File tree

2 files changed

2 files changed

`‎modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultCodegen.java‎`

`‎modules/swagger-codegen/src/test/java/io/swagger/codegen/CodegenTest.java‎`

0 commit comments