
Commit cdbee84

committed
🐛 Prevent unintended regex interpretation issues when processing mongo-mount mapped URIs in MongoRequest
1 parent 56e28ec commit cdbee84


1 file changed

+14
-6
lines changed

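--- a/commons/src/main/java/org/restheart/exchange/MongoRequest.java
+++ b/commons/src/main/java/org/restheart/exchange/MongoRequest.java
@@ -27,6 +27,7 @@
 import java.util.Deque;
 import java.util.Map;
 import java.util.Optional;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import org.bson.BsonArray;
@@ -491,15 +492,21 @@ private String unmapUri(String mappedUri) {
 }
 }
 
+Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\].+*?^$\\\\|]");
+
+String escapeSpecialRegexChars(String str) {
+return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
+}
+
 private String unmapPathUri(String mappedUri) {
 var ret = URLUtils.removeTrailingSlashes(mappedUri);
 
 if (whatUri.equals("*")) {
 if (!this.whereUri.equals(SLASH)) {
-ret = ret.replaceFirst("^" + this.whereUri, "");
+ret = ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), "");
 }
 } else if (!this.whereUri.equals(SLASH)) {
-ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + this.whereUri, this.whatUri));
+ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), this.whatUri));
 } else {
 ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(this.whatUri) + ret);
 }
@@ -518,10 +525,11 @@ private String unmapPathTemplateUri(String mappedUri) {
 // now replace mappedUri with resolved path template
 if (replacedWhatUri.equals("*")) {
 if (!this.whereUri.equals(SLASH)) {
-ret = ret.replaceFirst("^" + rewriteUri, "");
+ret = ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), "");
 }
 } else if (!this.whereUri.equals(SLASH)) {
-ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + rewriteUri, replacedWhatUri));
+var x = rewriteUri;
+ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), replacedWhatUri));
 } else {
 ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(replacedWhatUri) + ret);
 }
@@ -553,7 +561,7 @@ private String mapPathUri(String unmappedUri) {
 return this.whereUri + unmappedUri;
 }
 } else {
-ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + this.whatUri, this.whereUri));
+ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whatUri), this.whereUri));
 }
 
 if (ret.isEmpty()) {
@@ -576,7 +584,7 @@ private String mapPathTemplateUri(String unmappedUri) {
 return rewriteUri + unmappedUri;
 }
 } else {
-ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + replacedWhatUri, rewriteUri));
+ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(replacedWhatUri), rewriteUri));
 }
 
 return ret.isEmpty() ? SLASH : ret;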
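Review bot: The replacement argument of each `replaceFirst` call is still parsed by the regex engine, so only the pattern side is closed: in `unmapPathUri`, `unmapPathTemplateUri`, `mapPathUri` and `mapPathTemplateUri` the values `this.whatUri`, `replacedWhatUri`, `this.whereUri` and `rewriteUri` are passed as replacements, where `$` and `\` are read as group references and escapes. A mount value containing either character would be rewritten incorrectly or make `replaceFirst` throw; whether the template-resolved values can carry request-derived text is not visible in these hunks and should be confirmed. Quoting both sides with the standard library also removes the hand-written character class, e.g. `ret.replaceFirst("^" + Pattern.quote(this.whereUri), Matcher.quoteReplacement(this.whatUri))` (needs `import java.util.regex.Matcher;`). The added `var x = rewriteUri;` in `unmapPathTemplateUri` is never read and looks like a debugging leftover, and `SPECIAL_REGEX_CHARS` is declared as a package-private instance field where `private static final` would fit a constant. All four method bodies start or end outside the visible hunks.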
