author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-09 16:56:04 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-09 16:56:04 +0100 |
commit | 286d3cb295bcb06e4bd051050e97b45b70c028f8 (patch) | |
tree | d5ceeae083a94f49760c9b9a04b370e796590d66 /security-utils/src/main/java/com | |
parent | 800c53c580717f7f1d8bcc02d31235ac6d3673d2 (diff) |
Disable '?' as single char wildcard for URI matching
Diffstat (limited to 'security-utils/src/main/java/com')
3 files changed, 6 insertions, 6 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
index 30d4186f8a5..46a38a77844 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/GlobPattern.java
@@ -15,10 +15,10 @@ class GlobPattern {
 private final char[] boundaries;
 private final Pattern regexPattern;
- GlobPattern(String pattern, char[] boundaries) {
+ GlobPattern(String pattern, char[] boundaries, boolean enableSingleCharWildcard) {
 this.pattern = pattern;
 this.boundaries = boundaries;
- this.regexPattern = toRegexPattern(pattern, boundaries);
+ this.regexPattern = toRegexPattern(pattern, boundaries, enableSingleCharWildcard);
 }
 boolean matches(String value) { return regexPattern.matcher(value).matches(); }
@@ -27,12 +27,12 @@ class GlobPattern {
 Pattern regexPattern() { return regexPattern; }
 char[] boundaries() { return boundaries; }
- private static Pattern toRegexPattern(String pattern, char[] boundaries) {
+ private static Pattern toRegexPattern(String pattern, char[] boundaries, boolean enableSingleCharWildcard) {
 StringBuilder builder = new StringBuilder("^");
 StringBuilder precedingCharactersToQuote = new StringBuilder();
 char[] chars = pattern.toCharArray();
 for (char c : chars) {
- if (c == '?' || c == '*') {
+ if ((enableSingleCharWildcard && c == '?') || c == '*') {
 builder.append(quotePrecedingLiteralsAndReset(precedingCharactersToQuote));
 // Note: we explicitly stop matching at a separator boundary.
 // This is to make matching less vulnerable to dirty tricks (e.g dot as boundary for hostnames).
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
index d59052a48ef..cb9ba13cae4 100644
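Review bot: The new `enableSingleCharWildcard` constructor parameter is an undocumented bare boolean, so the call sites in HostGlobPattern (`true`) and UriGlobPattern (`false`) do not say what they switch on or off in a class that decides peer-credential matches. A short Javadoc on the constructor would help, for example `/** @param enableSingleCharWildcard when false, '?' is not treated as a wildcard; only '*' is */`. The flag is also consumed in the constructor and not kept as a field, so anything else in GlobPattern that compares or prints patterns (not visible in this hunk) cannot tell the two modes apart; worth confirming that is intended.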
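Review bot: With `enableSingleCharWildcard` false, a `?` in the pattern skips the wildcard branch in toRegexPattern and goes to whatever handles ordinary characters, which lies outside this hunk. That path presumably appends it to `precedingCharactersToQuote` so it ends up quoted; if it ever reached the regex unquoted, `?` would act as a quantifier and make the preceding character optional, which would widen what a URI policy accepts. A test that pins this is cheap: with the flag off, a pattern such as `a/b?c` (constructed example) must match `a/b?c` and must not match `a/bc` or `a/bxc`. A one-line comment above the condition, `// '?' is a wildcard only when enabled; otherwise it is matched as a literal`, would record the intent.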
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
@@ -11,7 +11,7 @@ class HostGlobPattern implements RequiredPeerCredential.Pattern {
 private final GlobPattern globPattern;
 HostGlobPattern(String pattern) {
- this.globPattern = new GlobPattern(pattern, new char[] {'.'});
+ this.globPattern = new GlobPattern(pattern, new char[] {'.'}, true);
 }
 @Override
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
index 006ca83a403..b2cc0688bb9 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/UriGlobPattern.java
@@ -13,7 +13,7 @@ class UriGlobPattern implements RequiredPeerCredential.Pattern {
 private final GlobPattern globPattern;
 UriGlobPattern(String globPattern) {
- this.globPattern = new GlobPattern(globPattern, new char[] {'/'});
+ this.globPattern = new GlobPattern(globPattern, new char[] {'/'}, false);
 }
 @Override public String asString() { return globPattern.asString(); } |
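Review bot: Passing `false` in the UriGlobPattern constructor silently changes the meaning of every existing URI pattern that contains `?`: it used to act as a single-character wildcard and now, assuming the literal path quotes it, matches only itself. The change narrows matching, so the likely failure is an unexpected rejection of a previously authorised peer rather than a wider match, but nothing at this call site says so. I would add `// '?' is matched literally in URI patterns; only '*' is a wildcard` above the constructor call and note the change wherever the policy pattern syntax is documented. The class body continues outside the hunk.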