From b2972021a964b5a4e997b52a358b2c61b422ada4 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Mon, 18 Nov 2024 16:12:49 +0000
Subject: [PATCH 01/10] added Possessive quantifier
---
 .../main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
index 1dd660a6e8a..d4355c7a134 100644
--- a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
+++ b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
@@ -23,7 +23,7 @@
 * Utility methods for Schema Properties.
 */
 public final class PropertiesUtil {
- private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*");
+ private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*+");
 private PropertiesUtil() {
 // Private constructor to prevent instantiation.
From 6513543eb69285023958b06b6e7446f71faa2c02 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Mon, 18 Nov 2024 16:21:39 +0000
Subject: [PATCH 02/10] updated test
---
 .../response/deserialiser/impl/DefaultResponseDeserialiser.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java b/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
index 9dffbc03611..29c4619ea3b 100644
--- a/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
+++ b/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
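Review bot: The new `[a-zA-Z0-9|-]*+` in the PropertiesUtil hunk of PATCH 01/10 accepts exactly the same names as the old `*` form, so the visible effect is the error text: the expected message in PropertiesUtilTest (PATCH 03/10) ends in `it must match regex: [a-zA-Z0-9|-]*+`, which shows the pattern string is echoed to callers. A lone character class with nothing after it can only backtrack linearly, so the possessive quantifier is a small saving on rejected input rather than a fix for runaway matching, and a comment should say so, e.g. `// Possessive: the class never has to give characters back, so a rejected name is scanned once.` The `*` also lets the empty string through this pattern; whether `validateName` rejects empty names separately is not visible in the hunk. The same line is applied again in PATCH 05/10 and PATCH 06/10.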
@@ -38,7 +38,7 @@ public DefaultResponseDeserialiser(final TypeReference typeReference) {
 @Override
 public O deserialise(final String jsonString) throws SerialisationException {
 // Special handling for String values returned while using the ProxyStore
- if (typeReference.getType().equals(Object.class) && !jsonString.matches("^(-?\\d*\\.?\\d*|false|true|null|\\[.*\\]|\\{.*\\})$")) {
+ if (typeReference.getType().equals(Object.class) && !jsonString.matches("^(-?\\d*+\\.?\\d*+|false|true|null|\\[.*+\\]|\\{.*+\\})$")) {
 // The input is likely a plain java.lang.String object, so return as-is
 return (O) jsonString;
 } else {
From d0cf6923086208aff834a716e84a230b584472a9 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Mon, 18 Nov 2024 16:26:23 +0000
Subject: [PATCH 03/10] updated test 2
---
 .../java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
index a4ffa83ee68..a46af154391 100644
--- a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
+++ b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
@@ -30,7 +30,7 @@ class PropertiesUtilTest {
 void shouldThrowExceptionWithInvalidStringName() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> PropertiesUtil.validateName(INVALID_STRING))
- .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*");
+ .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*+");
 }
 @Test
From fa720c31af4d283c3eb0300c014f604fdcfca520 Mon Sep 17 00:00:00 2001
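Review bot: In the DefaultResponseDeserialiser hunk of PATCH 02/10, the possessive `.*+` inside `\\[.*+\\]` and `\\{.*+\\}` makes both alternatives unmatchable, because `.*+` consumes the closing bracket and never gives it back for `\\]` or `\\}`. Every JSON array or object arriving with an `Object` type reference then fails `matches(...)` and is returned as a raw String through the `(O)` cast instead of being deserialised. Keep those two alternatives greedy, `\\[.*\\]|\\{.*\\}`, since their backtracking is linear; the possessive `\\d*+` on the digit runs is harmless. The subject says "updated test" although the hunk changes production code, and `deserialise` continues past the end of the hunk.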
From: ms9698
Date: Tue, 19 Nov 2024 15:42:28 +0000
Subject: [PATCH 04/10] avoid excessive backtracking
---
 .../main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java | 2 +-
 .../java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java | 2 +-
 .../response/deserialiser/impl/DefaultResponseDeserialiser.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
index d4355c7a134..161a8e8c145 100644
--- a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
+++ b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
@@ -23,7 +23,7 @@
 * Utility methods for Schema Properties.
 */
 public final class PropertiesUtil {
- private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*+");
+ private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("^[a-zA-Z0-9|-]*$");
 private PropertiesUtil() {
 // Private constructor to prevent instantiation.
diff --git a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
index a46af154391..5b60b22c619 100644
--- a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
+++ b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
@@ -30,7 +30,7 @@ class PropertiesUtilTest {
 void shouldThrowExceptionWithInvalidStringName() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> PropertiesUtil.validateName(INVALID_STRING))
- .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*+");
+ .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: ^[a-zA-Z0-9|-]*$");
 }
 @Test
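Review bot: The PropertiesUtil hunk of PATCH 04/10 swaps the possessive `*+` for a plain greedy `*` between `^` and `$`, which runs against the subject line "avoid excessive backtracking", since the greedy star is the form that can give characters back. If the matcher is driven with `find()`, Java's `$` also matches just before a final line terminator, so a name ending in a newline would pass; if it is driven with `matches()`, both anchors are redundant. The call site is outside the hunk, so that needs checking there; a form that is strict either way is `Pattern.compile("\\A[a-zA-Z0-9|-]*+\\z")`. The regex text is also part of the message asserted in the PropertiesUtilTest hunk of the same patch, so each rewrite of the pattern changes what callers see.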
diff --git a/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java b/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
index 29c4619ea3b..9dffbc03611 100644
--- a/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
+++ b/store-implementation/proxy-store/src/main/java/uk/gov/gchq/gaffer/proxystore/response/deserialiser/impl/DefaultResponseDeserialiser.java
@@ -38,7 +38,7 @@ public DefaultResponseDeserialiser(final TypeReference typeReference) {
 @Override
 public O deserialise(final String jsonString) throws SerialisationException {
 // Special handling for String values returned while using the ProxyStore
- if (typeReference.getType().equals(Object.class) && !jsonString.matches("^(-?\\d*+\\.?\\d*+|false|true|null|\\[.*+\\]|\\{.*+\\})$")) {
+ if (typeReference.getType().equals(Object.class) && !jsonString.matches("^(-?\\d*\\.?\\d*|false|true|null|\\[.*\\]|\\{.*\\})$")) {
 // The input is likely a plain java.lang.String object, so return as-is
 return (O) jsonString;
 } else {
From e5737ecf4dae03e24d748368c2558b9a3424bed9 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Tue, 19 Nov 2024 16:07:00 +0000
Subject: [PATCH 05/10] fix regex
---
 .../main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java | 2 +-
 .../java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
index 161a8e8c145..d4355c7a134 100644
--- a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
+++ b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
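Review bot: With the greedy pattern restored in the DefaultResponseDeserialiser hunk of PATCH 04/10, `.` still does not match line terminators, so a multi-line (pretty-printed) array or object fails `\\[.*\\]` / `\\{.*\\}` and is returned as a plain String. The numeric alternative `-?\\d*\\.?\\d*` also matches the empty string, `-` and `.`, which are then sent to the `else` branch, presumably to fail in the JSON parser; that branch is outside the hunk. `String.matches` recompiles the expression on every call, so a constant compiled once would cover the first and third points, e.g. `private static final Pattern JSON_LIKE = Pattern.compile("-?\\d*\\.?\\d*|false|true|null|\\[.*\\]|\\{.*\\}", Pattern.DOTALL);` used as `!JSON_LIKE.matcher(jsonString).matches()`.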
@@ -23,7 +23,7 @@
 * Utility methods for Schema Properties.
 */
 public final class PropertiesUtil {
- private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("^[a-zA-Z0-9|-]*$");
+ private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*+");
 private PropertiesUtil() {
 // Private constructor to prevent instantiation.
diff --git a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
index 5b60b22c619..a46af154391 100644
--- a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
+++ b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
@@ -30,7 +30,7 @@ class PropertiesUtilTest {
 void shouldThrowExceptionWithInvalidStringName() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> PropertiesUtil.validateName(INVALID_STRING))
- .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: ^[a-zA-Z0-9|-]*$");
+ .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*+");
 }
 @Test
From 21cfbd797a05a58af224bbdfea8499d7946b10b9 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Tue, 19 Nov 2024 16:22:12 +0000
Subject: [PATCH 06/10] testing SQ sec hotspots
---
 .../main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java | 2 +-
 .../java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
index 1dd660a6e8a..d4355c7a134 100644
--- a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
+++ b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
@@ -23,7 +23,7 @@
 * Utility methods for Schema Properties.
 */
 public final class PropertiesUtil {
- private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*");
+ private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*+");
 private PropertiesUtil() {
 // Private constructor to prevent instantiation.
diff --git a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
index a4ffa83ee68..a46af154391 100644
--- a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
+++ b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
@@ -30,7 +30,7 @@ class PropertiesUtilTest {
 void shouldThrowExceptionWithInvalidStringName() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> PropertiesUtil.validateName(INVALID_STRING))
- .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*");
+ .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*+");
 }
 @Test
From d44f3a804a7a3935a037e8da95639b90314e4690 Mon Sep 17 00:00:00 2001
From: ms9698
Date: Tue, 19 Nov 2024 16:42:05 +0000
Subject: [PATCH 07/10] test 2 for SQ sec hotspots
---
 .../uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
index 9851d2d8249..6661351493a 100644
--- a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
+++ b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
@@ -39,7 +39,7 @@
 * admin role. If not it uses a predicate to determine if the user can access a resource.
 */
 @SuppressFBWarnings(value = "SE_BAD_FIELD", justification = "Gets serialised by the JSC cache")
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, property = "class")
+@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "class")
 public class AccessPredicate implements BiPredicate, Serializable {
 private final Predicate userPredicate;
From aaffb50eb835add9345fa0e5513428b8d113b23c Mon Sep 17 00:00:00 2001
From: ms9698
Date: Tue, 19 Nov 2024 16:58:15 +0000
Subject: [PATCH 08/10] Revert "test 2 for SQ sec hotspots"
This reverts commit d44f3a804a7a3935a037e8da95639b90314e4690.
---
 .../uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
index 6661351493a..9851d2d8249 100644
--- a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
+++ b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
@@ -39,7 +39,7 @@
 * admin role. If not it uses a predicate to determine if the user can access a resource.
 */
 @SuppressFBWarnings(value = "SE_BAD_FIELD", justification = "Gets serialised by the JSC cache")
-@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "class")
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, property = "class")
 public class AccessPredicate implements BiPredicate, Serializable {
 private final Predicate userPredicate;
From e299ccc460a24c1a6611b464b7cdcecc2ca91748 Mon Sep 17 00:00:00 2001
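Review bot: Switching `@JsonTypeInfo` to `JsonTypeInfo.Id.NAME` in the AccessPredicate hunk of PATCH 07/10 changes what the `class` property carries, from a fully-qualified class name to a logical type name, and the hunk adds no `@JsonSubTypes` or `@JsonTypeName` to define those names. Unless subtypes are registered somewhere not visible here, subclasses will not resolve on read and JSON written in the old format will stop loading. Moving off class-name type ids is the safer direction, because with `Id.CLASS` the incoming document selects the class to instantiate, but the subtype registry and a migration for stored JSON belong in the same change. Where `Id.CLASS` stays, as PATCH 08/10 restores it, the accepted types should be bounded on the `ObjectMapper` with a `PolymorphicTypeValidator`, and a comment on the annotation should say where that is done. PATCH 10/10 applies this same line again.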
From: ms9698
Date: Tue, 19 Nov 2024 17:00:03 +0000
Subject: [PATCH 09/10] Revert "testing SQ sec hotspots"
This reverts commit 21cfbd797a05a58af224bbdfea8499d7946b10b9.
---
 .../main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java | 2 +-
 .../java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
index d4355c7a134..1dd660a6e8a 100644
--- a/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
+++ b/core/common-util/src/main/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtil.java
@@ -23,7 +23,7 @@
 * Utility methods for Schema Properties.
 */
 public final class PropertiesUtil {
- private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*+");
+ private static final Pattern PROPERTY_ALLOWED_CHARACTERS = Pattern.compile("[a-zA-Z0-9|-]*");
 private PropertiesUtil() {
 // Private constructor to prevent instantiation.
diff --git a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
index a46af154391..a4ffa83ee68 100644
--- a/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
+++ b/core/common-util/src/test/java/uk/gov/gchq/gaffer/commonutil/PropertiesUtilTest.java
@@ -30,7 +30,7 @@ class PropertiesUtilTest {
 void shouldThrowExceptionWithInvalidStringName() {
 assertThatIllegalArgumentException()
 .isThrownBy(() -> PropertiesUtil.validateName(INVALID_STRING))
- .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*+");
+ .withMessage("Property is invalid: inv@l1dStr|ng&^, it must match regex: [a-zA-Z0-9|-]*");
 }
 @Test
From df659b120692771ddb7178256df6b161ec4eebaa Mon Sep 17 00:00:00 2001
From: ms9698
Date: Wed, 20 Nov 2024 10:01:53 +0000
Subject: [PATCH 10/10] testing
---
 .../uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
index 9851d2d8249..6661351493a 100644
--- a/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
+++ b/core/access/src/main/java/uk/gov/gchq/gaffer/access/predicate/AccessPredicate.java
@@ -39,7 +39,7 @@
 * admin role. If not it uses a predicate to determine if the user can access a resource.
 */
 @SuppressFBWarnings(value = "SE_BAD_FIELD", justification = "Gets serialised by the JSC cache")
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, property = "class")
+@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "class")
 public class AccessPredicate implements BiPredicate, Serializable {
 private final Predicate userPredicate;