diff --git a/commons/pom.xml b/commons/pom.xml
index 869b452243..ce912a0326 100644
--- a/commons/pom.xml
+++ b/commons/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/commons/src/main/java/org/restheart/configuration/Configuration.java b/commons/src/main/java/org/restheart/configuration/Configuration.java
index 3cfb02108d..d246dc7d85 100644
--- a/commons/src/main/java/org/restheart/configuration/Configuration.java
+++ b/commons/src/main/java/org/restheart/configuration/Configuration.java
@@ -33,6 +33,7 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.jxpath.JXPathContext;
@@ -427,7 +428,7 @@ private static Map overrideConfiguration(Map con
var _pwd = cs.getPassword();
if (_pwd != null) {
var pwd = new String(_pwd);
- maskedValue.put(k, svalue.replaceFirst(pwd, MASK));
+ maskedValue.put(k, svalue.replaceFirst(Pattern.quote(pwd), MASK));
}
} catch (Throwable t) {
maskedValue.put(k, mapValue);
@@ -444,7 +445,7 @@ private static Map overrideConfiguration(Map con
var _pwd = cs.getPassword();
if (_pwd != null) {
var pwd = new String(_pwd);
- LOGGER.info(LOG_PATTERN, o.path(), svalue.replaceFirst(pwd, MASK));
+ LOGGER.info(LOG_PATTERN, o.path(), svalue.replaceFirst(Pattern.quote(pwd), MASK));
}
} catch (Throwable t) {
LOGGER.info(LOG_PATTERN, o.path(), o.value());
diff --git a/commons/src/main/java/org/restheart/exchange/MongoRequest.java b/commons/src/main/java/org/restheart/exchange/MongoRequest.java
index 658fc7bea8..35cc804818 100644
--- a/commons/src/main/java/org/restheart/exchange/MongoRequest.java
+++ b/commons/src/main/java/org/restheart/exchange/MongoRequest.java
@@ -492,21 +492,15 @@ private String unmapUri(String mappedUri) {
}
}
- Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\].+*?^$\\\\|]");
-
- String escapeSpecialRegexChars(String str) {
- return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
- }
-
private String unmapPathUri(String mappedUri) {
var ret = URLUtils.removeTrailingSlashes(mappedUri);
if (whatUri.equals("*")) {
if (!this.whereUri.equals(SLASH)) {
- ret = ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), "");
+ ret = ret.replaceFirst("^" + Pattern.quote(this.whereUri), "");
}
} else if (!this.whereUri.equals(SLASH)) {
- ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), this.whatUri));
+ ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + Pattern.quote(this.whereUri), this.whatUri));
} else {
ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(this.whatUri) + ret);
}
@@ -525,11 +519,11 @@ private String unmapPathTemplateUri(String mappedUri) {
// now replace mappedUri with resolved path template
if (replacedWhatUri.equals("*")) {
if (!this.whereUri.equals(SLASH)) {
- ret = ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), "");
+ ret = ret.replaceFirst("^" + Pattern.quote(rewriteUri), "");
}
} else if (!this.whereUri.equals(SLASH)) {
var x = rewriteUri;
- ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), replacedWhatUri));
+ ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + Pattern.quote(rewriteUri), replacedWhatUri));
} else {
ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(replacedWhatUri) + ret);
}
@@ -561,7 +555,7 @@ private String mapPathUri(String unmappedUri) {
return this.whereUri + unmappedUri;
}
} else {
- ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whatUri), this.whereUri));
+ ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + Pattern.quote(this.whatUri), this.whereUri));
}
if (ret.isEmpty()) {
@@ -584,7 +578,7 @@ private String mapPathTemplateUri(String unmappedUri) {
return rewriteUri + unmappedUri;
}
} else {
- ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(replacedWhatUri), rewriteUri));
+ ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + Pattern.quote(replacedWhatUri), rewriteUri));
}
return ret.isEmpty() ? SLASH : ret;
diff --git a/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java b/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java
index efbceab1ce..f457147030 100644
--- a/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java
+++ b/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java
@@ -276,12 +276,12 @@ static String interpolatePredicate(String predicate, String prefix, BsonDocument
// interpolate primitive values
flatten.keySet().stream().filter(key -> flatten.get(key) != null)
.filter(key -> isJsonPrimitive(flatten.get(key)))
- .forEach(key -> ret[0] = ret[0].replaceAll(prefix.concat(key), quote(jsonPrimitiveValue(flatten.get(key)))));
+ .forEach(key -> ret[0] = ret[0].replaceAll(Pattern.quote(prefix.concat(key)), quote(jsonPrimitiveValue(flatten.get(key)))));
// interpolate arrays
flatten.keySet().stream().filter(key -> flatten.get(key) != null)
.filter(key -> isJsonArray(flatten.get(key)))
- .forEach(key -> ret[0] = ret[0].replaceAll(prefix.concat(key), jsonArrayValue(flatten.get(key).asArray())));
+ .forEach(key -> ret[0] = ret[0].replaceAll(Pattern.quote(prefix.concat(key)), jsonArrayValue(flatten.get(key).asArray())));
// remove unboud variables
flatten.keySet().stream().forEach(key -> ret[0] = removeUnboundVariables(prefix, ret[0]));
diff --git a/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java b/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java
index a4d4a41ecd..8cab9d0bc5 100644
--- a/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java
+++ b/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java
@@ -34,6 +34,8 @@
import java.nio.file.attribute.BasicFileAttributes;
import java.util.HashMap;
import java.util.Map;
+import java.util.regex.Pattern;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -77,6 +79,7 @@ public static void deleteTempDir(Class clazz, String resourcePath, File tempDir)
/**
*
+ * @param clazz
* @param resourcePath
* @return
* @throws java.io.IOException
@@ -127,7 +130,7 @@ private FileVisitResult copy(Path fileOrDir) throws IOException {
return FileVisitResult.CONTINUE;
}
- Path destination = Paths.get(destinationDir.toString(), fileOrDir.toString().replaceAll(resourcePath + "/", ""));
+ Path destination = Paths.get(destinationDir.toString(), fileOrDir.toString().replaceAll(Pattern.quote(resourcePath) + "/", ""));
Files.copy(fileOrDir, destination, StandardCopyOption.REPLACE_EXISTING);
return FileVisitResult.CONTINUE;
diff --git a/commons/src/main/java/org/restheart/utils/URLUtils.java b/commons/src/main/java/org/restheart/utils/URLUtils.java
index e52a4d50b6..34e4516d3d 100644
--- a/commons/src/main/java/org/restheart/utils/URLUtils.java
+++ b/commons/src/main/java/org/restheart/utils/URLUtils.java
@@ -130,7 +130,7 @@ public static String getParentPath(String path) {
* @return the prefix url of the exchange
*/
public static String getPrefixUrl(HttpServerExchange exchange) {
- return exchange.getRequestURL().replaceAll(exchange.getRelativePath(), "");
+ return exchange.getRequestURL().replaceAll(Pattern.quote(exchange.getRelativePath()), "");
}
/**
diff --git a/core/pom.xml b/core/pom.xml
index 9042c5a170..beebfae429 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
diff --git a/graphql/pom.xml b/graphql/pom.xml
index 253dc2b259..8319fc8f9e 100644
--- a/graphql/pom.xml
+++ b/graphql/pom.xml
@@ -7,7 +7,7 @@
restheart-parent
org.restheart
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/metrics/pom.xml b/metrics/pom.xml
index f85b2cb5a0..27b7c46a3a 100644
--- a/metrics/pom.xml
+++ b/metrics/pom.xml
@@ -8,7 +8,7 @@
restheart-parent
org.restheart
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/mongoclient/pom.xml b/mongoclient/pom.xml
index 05f2addc4c..c2870c7895 100644
--- a/mongoclient/pom.xml
+++ b/mongoclient/pom.xml
@@ -4,7 +4,7 @@
restheart-parent
org.restheart
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/mongodb/pom.xml b/mongodb/pom.xml
index 1c367332e2..08a35453d6 100644
--- a/mongodb/pom.xml
+++ b/mongodb/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/polyglot/pom.xml b/polyglot/pom.xml
index 8c320a0a41..d5fd4256dc 100644
--- a/polyglot/pom.xml
+++ b/polyglot/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/pom.xml b/pom.xml
index fa7ef1a388..0a19452657 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
pom
RESTHeart - Low code platform for cloud-native HTTP microservices.
diff --git a/security/pom.xml b/security/pom.xml
index c8fd139c28..4b4c65eda9 100644
--- a/security/pom.xml
+++ b/security/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
org.restheart
diff --git a/test-plugins/pom.xml b/test-plugins/pom.xml
index 11f58ce8dd..232130d427 100644
--- a/test-plugins/pom.xml
+++ b/test-plugins/pom.xml
@@ -5,7 +5,7 @@
org.restheart
restheart-parent
- 8.3.3
+ 8.3.4
org.restheart