This is an automated email from the ASF dual-hosted git repository.
zykkk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 737124aaef9 [fix](auth)fix use regex verify mysql password may cause
backtracking (#24900)
737124aaef9 is described below
commit 737124aaef9eb4e183c1863ff8ccc752f85d3027
Author: DongLiang-0 <[email protected]>
AuthorDate: Sun Oct 8 12:18:20 2023 +0800
[fix](auth)fix use regex verify mysql password may cause backtracking
(#24900)
---
.../java/org/apache/doris/mysql/MysqlPassword.java | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
index 10fcefcb710..7861e99e92c 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
@@ -31,6 +31,8 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
+import java.util.Set;
+import java.util.stream.Collectors;
// this is stolen from MySQL
//
@@ -83,6 +85,12 @@ public class MysqlPassword {
private static final byte[] DIG_VEC_UPPER = {'0', '1', '2', '3', '4', '5',
'6', '7',
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
private static final Random random = new SecureRandom();
+ private static final Set<Character> complexCharSet;
+ public static final int MIN_PASSWORD_LEN = 8;
+
+ static {
+ complexCharSet = "~!@#$%^&*()_+|<>,.?/:;'[]{}".chars().mapToObj(c ->
(char) c).collect(Collectors.toSet());
+ }
public static byte[] createRandomString(int len) {
byte[] bytes = new byte[len];
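Review bot: The new `complexCharSet` literal drops the double quote that the removed `REG_SYMBOL` character class contained (`...{}\"]`), so a password whose only symbol is `"` no longer gets a symbol point under the STRONG policy. If that narrowing is not intended, the initializer string should end `...'[]{}\""`, and a unit test should pin the accepted symbol set so it cannot drift again. The set is only read by the `anyMatch` call in the last hunk, so it could also be assigned inline on the `private static final` declaration instead of in a separate `static` block.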
@@ -281,12 +289,6 @@ public class MysqlPassword {
return passwd;
}
- public static final String REG_NUMBER = ".*\\d+.*";
- public static final String REG_UPPERCASE = ".*[A-Z]+.*";
- public static final String REG_LOWERCASE = ".*[a-z]+.*";
- public static final String REG_SYMBOL =
".*[~!@#$%^&*()_+|<>,.?/:;'\\[\\]{}\"]+.*";
- public static final int MIN_PASSWORD_LEN = 8;
-
public static void validatePlainPassword(long validaPolicy, String text)
throws AnalysisException {
if (validaPolicy == GlobalVariable.VALIDATE_PASSWORD_POLICY_STRONG) {
if (Strings.isNullOrEmpty(text) || text.length() <
MIN_PASSWORD_LEN) {
@@ -295,16 +297,16 @@ public class MysqlPassword {
}
int i = 0;
- if (text.matches(REG_NUMBER)) {
+ if (text.chars().anyMatch(Character::isDigit)) {
i++;
}
- if (text.matches(REG_LOWERCASE)) {
+ if (text.chars().anyMatch(Character::isLowerCase)) {
i++;
}
- if (text.matches(REG_UPPERCASE)) {
+ if (text.chars().anyMatch(Character::isUpperCase)) {
i++;
}
- if (text.matches(REG_SYMBOL)) {
+ if (text.chars().anyMatch(c -> complexCharSet.contains((char) c)))
{
i++;
}
if (i < 3) {
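Review bot: The three `Character::` predicates in `validatePlainPassword` accept more than the regexes they replace: `Character::isDigit`, `Character::isLowerCase` and `Character::isUpperCase` match any Unicode digit or cased letter, whereas `\d`, `[a-z]` and `[A-Z]` matched ASCII only, so the character classes that satisfy the STRONG policy are silently widened. If the policy is meant to stay ASCII-based, use explicit range checks such as `c -> c >= '0' && c <= '9'`, `c -> c >= 'a' && c <= 'z'` and `c -> c >= 'A' && c <= 'Z'`. If the wider classes are intended, say so in a comment above the checks. The method starts in the previous hunk and continues past this one, so the rejection path after `if (i < 3)` is not visible here.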