github-advanced-security[bot] commented on code in PR #7967:
URL: https://github.com/apache/nifi/pull/7967#discussion_r1379116441
##########
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/AccessPolicyEndpointMerger.java:
##########
@@ -31,7 +31,7 @@
public class AccessPolicyEndpointMerger extends
AbstractSingleEntityEndpoint<AccessPolicyEntity> implements
EndpointResponseMerger {
public static final Pattern ACCESS_POLICIES_URI_PATTERN =
Pattern.compile("/nifi-api/policies");
public static final Pattern ACCESS_POLICY_URI_PATTERN =
Pattern.compile("/nifi-api/policies/[a-f0-9\\-]{36}");
- public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN =
Pattern.compile("/nifi-api/policies/(?:read|write)/(?:[\\w-]+?/?)+");
+ public static final Pattern ACCESS_POLICY_LOOKUP_URI_PATTERN =
Pattern.compile("/nifi-api/policies/(?:read|write)/(?:[a-z0-9\\-]+?/?)+");
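Review bot: The replacement ACCESS_POLICY_LOOKUP_URI_PATTERN on the `+` line keeps the shape `(?:[a-z0-9\\-]+?/?)+`, a quantified character class inside a quantified group with an optional `/`, so a slash-free run of characters can still be divided between iterations in many different ways. Narrowing `[\\w-]` to `[a-z0-9\\-]` does not remove that ambiguity. Consider making the separator mandatory between segments, for example `[a-z0-9\\-]+(?:/[a-z0-9\\-]+)*/?`, which accepts the same strings with a single way to match each. The narrower class also stops accepting uppercase letters and `_`, which `\\w` allowed; please confirm that no policy resource path relies on them, and add a test with a long slash-free segment.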
Review Comment:
## Inefficient regular expression
This part of the regular expression may cause exponential backtracking on
strings starting with '/nifi-api/policies/read/' and containing many
repetitions of '-'.
[Show more details](https://github.com/apache/nifi/security/code-scanning/58)
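A regression check for the pattern flagged above, as an added example that is not part of the pull request or of NiFi: it compares the flagged pattern with a hypothetical linear rewrite using Python's `re`, which is a backtracking engine like `java.util.regex`. The rewrite, the sample paths and the use of full-string matching are assumptions.

```python
import re
import time

PREFIX = r"/nifi-api/policies/(?:read|write)/"
# Pattern from the '+' line of the hunk: quantified class inside a quantified
# group, with an optional '/' between iterations.
FLAGGED = re.compile(PREFIX + r"(?:[a-z0-9\-]+?/?)+")
# Hypothetical rewrite (not from the PR): each segment is consumed by exactly
# one run and '/' is mandatory between segments, so there is one way to match.
LINEAR = re.compile(PREFIX + r"[a-z0-9\-]+(?:/[a-z0-9\-]+)*/?")

# Constructed sample paths: valid lookups first, then inputs both must reject.
SAMPLES = [
    "/nifi-api/policies/read/flow",
    "/nifi-api/policies/write/process-groups/0a1b2c3d-0000-4000-8000-abcdef012345",
    "/nifi-api/policies/read/data/process-groups/root/",
    "/nifi-api/policies/read/",
    "/nifi-api/policies/read//flow",
    "/nifi-api/policies/delete/flow",
    "/nifi-api/policies/read/Flow_1",
]


def verdicts(pattern, paths=SAMPLES):
    """Full-string match result for each path (assumed to mirror matches())."""
    return [pattern.fullmatch(p) is not None for p in paths]


def seconds_to_reject(pattern, dashes):
    """Time a non-matching input: a run of '-' then a character outside the class."""
    subject = "/nifi-api/policies/read/" + "-" * dashes + "!"
    start = time.perf_counter()
    matched = pattern.fullmatch(subject)
    elapsed = time.perf_counter() - start
    if matched is not None:
        raise AssertionError("subject unexpectedly matched")
    return elapsed


if __name__ == "__main__":
    print("same verdicts:", verdicts(FLAGGED) == verdicts(LINEAR))
    for n in (12, 14, 16, 18, 20):
        print(n, f"{seconds_to_reject(FLAGGED, n):.4f}s",
              f"{seconds_to_reject(LINEAR, n):.6f}s")
```

Run as a script, the flagged column grows by roughly a constant factor for every added `-`, while the rewrite stays flat.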