Commit cc7fd42

fix: Prevent stack overflow in hostname regex on large inputs
Replace nested capturing groups with non-capturing groups and use a possessive quantifier on the outer repetition. This eliminates the recursive-backtracking path Java's regex engine would otherwise follow, addressing the SonarQube finding.
1 parent 6d6276e commit cc7fd42

1 file changed

Lines changed: 2 additions & 2 deletions

src/main/java/com/retailsvc/http/validate/DefaultValidator.java

@@ -69,8 +69,8 @@ private record FormatCheck(Predicate<String> isValid, String message) {}
6969

7070
private static final Pattern HOSTNAME =
7171
Pattern.compile(
72-
"^(?=.{1,253}$)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)"
73-
+ "(\\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$");
72+
"^(?=.{1,253}$)[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?"
73+
+ "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*+$");
7474

7575
private static final Map<String, FormatCheck> FORMAT_CHECKS =
7676
Map.ofEntries(
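
Review bot: The possessive `*+` on the outer group (new line 73) keeps the accepted set unchanged only because every repetition must start with a literal `\\.`, which none of the label classes `[a-zA-Z0-9]` / `[a-zA-Z0-9-]` can match, so giving back an iteration could never let the final `$` succeed. That invariant is not written down anywhere in the hunk; a one-line comment above `HOSTNAME` would stop a later edit to the character classes from silently turning the possessive quantifier into a behaviour change. The commit touches only this file, so nothing pins the fix: a regression test that runs a long dotted input plus a handful of valid and invalid hostnames (63- and 64-character labels, leading and trailing hyphens, 253 and 254 total characters) through the pattern would cover both the stack behaviour and the equivalence with the old expression. Both the lookahead and the end anchor use `$`, which in Java also matches before a final line terminator; if the caller applies this with `find()` rather than `matches()`, `\\z` would be the stricter anchor.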
