DATACMNS-1285 - PropertyPath now limits the depth of its parsing to 1000 segments.
This commit is contained in:
@@ -46,6 +46,8 @@ import org.springframework.util.StringUtils;
|
||||
@EqualsAndHashCode
|
||||
public class PropertyPath implements Streamable<PropertyPath> {
|
||||
|
||||
private static final String PARSE_DEPTH_EXCEEDED = "Trying to parse a path with depth greater than 1000! This has been disabled for security reasons to prevent parsing overflows.";
|
||||
|
||||
private static final String DELIMITERS = "_\\.";
|
||||
private static final String ALL_UPPERCASE = "[A-Z0-9._$]+";
|
||||
private static final Pattern SPLITTER = Pattern.compile("(?:[%s]?([%s]*?[^%s]+))".replaceAll("%s", DELIMITERS));
|
||||
@@ -366,6 +368,10 @@ public class PropertyPath implements Streamable<PropertyPath> {
|
||||
*/
|
||||
private static PropertyPath create(String source, TypeInformation<?> type, String addTail, List<PropertyPath> base) {
|
||||
|
||||
if (base.size() > 1000) {
|
||||
throw new IllegalArgumentException(PARSE_DEPTH_EXCEEDED);
|
||||
}
|
||||
|
||||
PropertyReferenceException exception = null;
|
||||
PropertyPath current = null;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user