(jackrabbit-oak) branch 1.22 updated: OAK-10713: add (failing) list for Lucene regexp stack overflow (#1373)

Mon, 15 Apr 2024 20:58:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

reschke pushed a commit to branch 1.22
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git


The following commit(s) were added to refs/heads/1.22 by this push:
     new 107ff75928 OAK-10713: add (failing) list for Lucene regexp stack 
overflow (#1373)
107ff75928 is described below

commit 107ff75928aa0aee7148e4c42abbc18f22d44639
Author: Julian Reschke <resc...@apache.org>
AuthorDate: Fri Mar 22 17:58:05 2024 +0100

    OAK-10713: add (failing) list for Lucene regexp stack overflow (#1373)
---
 .../plugins/index/lucene/LuceneSecurityTest.java   | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git 
a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
 
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
new file mode 100755
index 0000000000..226f715308
--- /dev/null
+++ 
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.jackrabbit.oak.plugins.index.lucene;
+
+import org.junit.Ignore;
+import org.junit.Test;
+
+/**
+ * Tests for potential security issues
+ */
+public class LuceneSecurityTest {
+
+    @Test
+    @Ignore("OAK-10713")
+    public void complexRegexp() throws Exception {
+        // test borrowed from: https://github.com/apache/lucene/issues/11537
+        StringBuilder strBuilder = new StringBuilder();
+        for (int i = 0; i < 50000; i++) {
+            strBuilder.append("a");
+        }
+
+        new org.apache.lucene.util.automaton.RegExp(strBuilder.toString());
+    }
+}

Reply via email to