NIFI-12305 Optimized Regular Expression patterns

- Updated SampleRecord range validation to split on comma and validate individual ranges - Updated AccessPolicyEndpointMerger to restrict the set of characters matched Signed-off-by: Matt Burgess <mattyb149@apache.org> This closes #7967
2023-10-31 10:05:36 -05:00 · 2023-10-31 10:05:36 -05:00 · 9b29fffbc6
parent ccd2f0677d
commit 9b29fffbc6
3 changed files with 21 additions and 7 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMerger.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMerger.java
@ -31,7 +31,7 @@ import java.util.regex.Pattern;
 public class AccessPolicyEndpointMerger extends AbstractSingleEntityEndpoint<AccessPolicyEntity> implements EndpointResponseMerger {
    public static final Pattern ACCESS_POLICIES_URI_PATTERN = Pattern.compile("/nifi-api/policies");
    public static final Pattern ACCESS_POLICY_URI_PATTERN = Pattern.compile("/nifi-api/policies/[a-f0-9\\-]{36}");
-    public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN = Pattern.compile("/nifi-api/policies/(?:read|write)/(?:[\\w-]+?/?)+");
+    public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN = Pattern.compile("/nifi-api/policies/(?:read|write)/[a-z0-9\\-/]+");
    private final AccessPolicyEntityMerger accessPolicyEntityMerger = new AccessPolicyEntityMerger();

    @Override
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMergerTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMergerTest.java
@ -36,6 +36,7 @@ public class AccessPolicyEndpointMergerTest {
        assertFalse(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/Read/flow"), "GET"));
        assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/read/flow"), "GET"));
        assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/read/processors/" + UUID.randomUUID()), "GET"));
+        assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/write/processors/" + UUID.randomUUID()), "GET"));
    }

 }
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/SampleRecord.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/SampleRecord.java
@ -92,8 +92,9 @@ public class SampleRecord extends AbstractProcessor {
                    + "the value of the 'Reservoir Size' property. Note that if the value is very large it may cause memory issues as "
                    + "the reservoir is kept in-memory.");

-    private final static Pattern RANGE_PATTERN = Pattern.compile("^([0-9]+)?(-)?([0-9]+)?(,([0-9]+)?-?([0-9]+)?)*?");
-    private final static Pattern INTERVAL_PATTERN = Pattern.compile("([0-9]+)?(-)?([0-9]+)?(?:,|$)");
+    private static final String RANGE_SEPARATOR = ",";
+    private static final Pattern RANGE_PATTERN = Pattern.compile("^([0-9]+)?(-)?([0-9]+)?");
+    private static final Pattern INTERVAL_PATTERN = Pattern.compile("([0-9]+)?(-)?([0-9]+)?(?:,|$)");


    static final PropertyDescriptor RECORD_READER_FACTORY = new PropertyDescriptor.Builder()
@ -277,14 +278,14 @@ public class SampleRecord extends AbstractProcessor {
                recordSetWriter.flush();
                recordSetWriter.close();
            } catch (final IOException ioe) {
-                getLogger().warn("Failed to close Writer for {}", new Object[]{outFlowFile});
+                getLogger().warn("Failed to close Writer for {}", outFlowFile);
            }

            attributes.put("record.count", String.valueOf(writeResult.getRecordCount()));
            attributes.put(CoreAttributes.MIME_TYPE.key(), recordSetWriter.getMimeType());
            attributes.putAll(writeResult.getAttributes());
        } catch (Exception e) {
-            getLogger().error("Error during transmission of records due to {}, routing to failure", e.getMessage(), e);
+            getLogger().error("Error during transmission of records, routing to failure", e);
            session.transfer(flowFile, REL_FAILURE);
            session.remove(sampledFlowFile);
            return;
@ -344,13 +345,25 @@ public class SampleRecord extends AbstractProcessor {
            this.rangeExpression = rangeExpression;
        }

+        private boolean isRangeExpressionInvalid() {
+            boolean invalid = false;
+            final String[] ranges = rangeExpression.split(RANGE_SEPARATOR);
+            for (final String range : ranges) {
+                final Matcher matcher = RANGE_PATTERN.matcher(range);
+                if (!matcher.matches()) {
+                    invalid = true;
+                    break;
+                }
+            }
+            return invalid;
+        }
+
        @Override
        public void init() throws IOException {
            currentCount = 1;
            ranges.clear();
            writer.beginRecordSet();
-            Matcher validateRangeExpression = RANGE_PATTERN.matcher(rangeExpression);
-            if (!validateRangeExpression.matches()) {
+            if (isRangeExpressionInvalid()) {
                throw new IOException(rangeExpression + " is not a valid range expression");
            }
            Integer startRange, endRange;