♻️ Use Patter.quote() in all replaceFirst() and replaceAll() invocations

ujibang · ujibang · commit ce0e1ac86acc · 2025-02-28T13:49:57.000+01:00
diff --git a/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java b/commons/src/main/java/org/restheart/security/AclVarsInterpolator.java
@@ -276,12 +276,12 @@ static String interpolatePredicate(String predicate, String prefix, BsonDocument
         // interpolate primitive values
         flatten.keySet().stream().filter(key -> flatten.get(key) != null)
                 .filter(key -> isJsonPrimitive(flatten.get(key)))
-                .forEach(key -> ret[0] = ret[0].replaceAll(prefix.concat(key), quote(jsonPrimitiveValue(flatten.get(key)))));
+                .forEach(key -> ret[0] = ret[0].replaceAll(Pattern.quote(prefix.concat(key)), quote(jsonPrimitiveValue(flatten.get(key)))));
 
         // interpolate arrays
         flatten.keySet().stream().filter(key -> flatten.get(key) != null)
                 .filter(key -> isJsonArray(flatten.get(key)))
-                .forEach(key -> ret[0] = ret[0].replaceAll(prefix.concat(key), jsonArrayValue(flatten.get(key).asArray())));
+                .forEach(key -> ret[0] = ret[0].replaceAll(Pattern.quote(prefix.concat(key)), jsonArrayValue(flatten.get(key).asArray())));
 
         // remove unboud variables
         flatten.keySet().stream().forEach(key -> ret[0] = removeUnboundVariables(prefix, ret[0]));
diff --git a/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java b/commons/src/main/java/org/restheart/utils/ResourcesExtractor.java
@@ -34,6 +34,8 @@
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.regex.Pattern;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -77,6 +79,7 @@ public static void deleteTempDir(Class clazz, String resourcePath, File tempDir)
 
     /**
      *
+     * @param clazz
      * @param resourcePath
      * @return
      * @throws java.io.IOException
@@ -127,7 +130,7 @@ private FileVisitResult copy(Path fileOrDir) throws IOException {
                             return FileVisitResult.CONTINUE;
                         }
 
-                        Path destination = Paths.get(destinationDir.toString(), fileOrDir.toString().replaceAll(resourcePath + "/", ""));
+                        Path destination = Paths.get(destinationDir.toString(), fileOrDir.toString().replaceAll(Pattern.quote(resourcePath) + "/", ""));
 
                         Files.copy(fileOrDir, destination, StandardCopyOption.REPLACE_EXISTING);
                         return FileVisitResult.CONTINUE;
diff --git a/commons/src/main/java/org/restheart/utils/URLUtils.java b/commons/src/main/java/org/restheart/utils/URLUtils.java
@@ -130,7 +130,7 @@ public static String getParentPath(String path) {
      * @return the prefix url of the exchange
      */
     public static String getPrefixUrl(HttpServerExchange exchange) {
-        return exchange.getRequestURL().replaceAll(exchange.getRelativePath(), "");
+        return exchange.getRequestURL().replaceAll(Pattern.quote(exchange.getRelativePath()), "");
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ public static String getParentPath(String path) {`
`130`	`130`	`* @return the prefix url of the exchange`
`131`	`131`	`*/`
`132`	`132`	`public static String getPrefixUrl(HttpServerExchange exchange) {`
`133`		`- return exchange.getRequestURL().replaceAll(exchange.getRelativePath(), "");`
	`133`	`+ return exchange.getRequestURL().replaceAll(Pattern.quote(exchange.getRelativePath()), "");`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`/**`