NIFI-12305 Optimized Regular Expression patterns

- Updated SampleRecord range validation to split on comma and validate individual ranges - Updated AccessPolicyEndpointMerger to restrict the set of characters matched Signed-off-by: Matt Burgess <[email protected]> This closes apache#7967
nexr · Nov 6, 2023 · 9b29fff · 9b29fff
1 parent ccd2f06
commit 9b29fff
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 7 deletions.
diff --git a/.../java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMerger.java b/.../java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMerger.java
@@ -31,7 +31,7 @@
 public class AccessPolicyEndpointMerger extends AbstractSingleEntityEndpoint<AccessPolicyEntity> implements EndpointResponseMerger {
     public static final Pattern ACCESS_POLICIES_URI_PATTERN = Pattern.compile("/nifi-api/policies");
     public static final Pattern ACCESS_POLICY_URI_PATTERN = Pattern.compile("/nifi-api/policies/[a-f0-9\\-]{36}");
-    public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN = Pattern.compile("/nifi-api/policies/(?:read|write)/(?:[\\w-]+?/?)+");
+    public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN = Pattern.compile("/nifi-api/policies/(?:read|write)/[a-z0-9\\-/]+");
     private final AccessPolicyEntityMerger accessPolicyEntityMerger = new AccessPolicyEntityMerger();
 
     @Override

diff --git a/...a/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMergerTest.java b/...a/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMergerTest.java
@@ -36,6 +36,7 @@ public void testCanHandle() {
         assertFalse(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/Read/flow"), "GET"));
         assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/read/flow"), "GET"));
         assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/read/processors/" + UUID.randomUUID()), "GET"));
+        assertTrue(merger.canHandle(URI.create("http://localhost:8080/nifi-api/policies/write/processors/" + UUID.randomUUID()), "GET"));
     }
 
 }
diff --git a/...i-standard-processors/src/main/java/org/apache/nifi/processors/standard/SampleRecord.java b/...i-standard-processors/src/main/java/org/apache/nifi/processors/standard/SampleRecord.java
@@ -92,8 +92,9 @@ public class SampleRecord extends AbstractProcessor {
                     + "the value of the 'Reservoir Size' property. Note that if the value is very large it may cause memory issues as "
                     + "the reservoir is kept in-memory.");
 
-    private final static Pattern RANGE_PATTERN = Pattern.compile("^([0-9]+)?(-)?([0-9]+)?(,([0-9]+)?-?([0-9]+)?)*?");
-    private final static Pattern INTERVAL_PATTERN = Pattern.compile("([0-9]+)?(-)?([0-9]+)?(?:,|$)");
+    private static final String RANGE_SEPARATOR = ",";
+    private static final Pattern RANGE_PATTERN = Pattern.compile("^([0-9]+)?(-)?([0-9]+)?");
+    private static final Pattern INTERVAL_PATTERN = Pattern.compile("([0-9]+)?(-)?([0-9]+)?(?:,|$)");
 
 
     static final PropertyDescriptor RECORD_READER_FACTORY = new PropertyDescriptor.Builder()
@@ -277,14 +278,14 @@ public void onTrigger(ProcessContext context, ProcessSession session) throws Pro
                 recordSetWriter.flush();
                 recordSetWriter.close();
             } catch (final IOException ioe) {
-                getLogger().warn("Failed to close Writer for {}", new Object[]{outFlowFile});
+                getLogger().warn("Failed to close Writer for {}", outFlowFile);
             }
 
             attributes.put("record.count", String.valueOf(writeResult.getRecordCount()));
             attributes.put(CoreAttributes.MIME_TYPE.key(), recordSetWriter.getMimeType());
             attributes.putAll(writeResult.getAttributes());
         } catch (Exception e) {
-            getLogger().error("Error during transmission of records due to {}, routing to failure", e.getMessage(), e);
+            getLogger().error("Error during transmission of records, routing to failure", e);
             session.transfer(flowFile, REL_FAILURE);
             session.remove(sampledFlowFile);
             return;
@@ -344,13 +345,25 @@ static class RangeSamplingStrategy implements SamplingStrategy {
             this.rangeExpression = rangeExpression;
         }
 
+        private boolean isRangeExpressionInvalid() {
+            boolean invalid = false;
+            final String[] ranges = rangeExpression.split(RANGE_SEPARATOR);
+            for (final String range : ranges) {
+                final Matcher matcher = RANGE_PATTERN.matcher(range);
+                if (!matcher.matches()) {
+                    invalid = true;
+                    break;
+                }
+            }
+            return invalid;
+        }
+
         @Override
         public void init() throws IOException {
             currentCount = 1;
             ranges.clear();
             writer.beginRecordSet();
-            Matcher validateRangeExpression = RANGE_PATTERN.matcher(rangeExpression);
-            if (!validateRangeExpression.matches()) {
+            if (isRangeExpressionInvalid()) {
                 throw new IOException(rangeExpression + " is not a valid range expression");
             }
             Integer startRange, endRange;