This is an automated email from the ASF dual-hosted git repository. reschke pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push: new 283a1d7fea OAK-10787: oak-lucene: backport fix for lucene-core vulnerability (#1443) 283a1d7fea is described below commit 283a1d7fea23fdceff8dda6e88b059d6990eff09 Author: Julian Reschke <resc...@apache.org> AuthorDate: Thu May 16 05:58:54 2024 +0200 OAK-10787: oak-lucene: backport fix for lucene-core vulnerability (#1443) * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - include copy of lucene-core 4.7.2 (g...@github.com:apache/lucene.git, tag releases/lucene-solr/4.7.2, path lucene/core/src/java) * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - fix two issues JDK 11 incompatibility * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - remove lucene-core dependency * OAK-10786: add a comment about where the code originates from * OAK-10786: bump exported lucene package version to clarify that this is Oak's fork * OAK-10786: add copies of META-INF/services/org.apache.lucene.codecs.DocValuesFormat and META-INF/services/org.apache.lucene.codecs.PostingsFormat * OAK-10787: oak-lucene: backport fix for lucene-core vulnerability --- oak-lucene/pom.xml | 2 +- .../org/apache/lucene/util/automaton/RegExp.java | 42 +++++++++++++++------- .../plugins/index/lucene/LuceneSecurityTest.java | 2 -- .../oak/plugins/index/FullTextIndexCommonTest.java | 2 -- 4 files changed, 31 insertions(+), 17 deletions(-) diff --git a/oak-lucene/pom.xml b/oak-lucene/pom.xml index c1f080d0c4..aa19373e98 100644 --- a/oak-lucene/pom.xml +++ b/oak-lucene/pom.xml @@ -107,7 +107,7 @@ <_exportcontents> !org.apache.lucene.queryparser.xml, !org.apache.lucene.queryparser.xml.builders, - org.apache.lucene.*;version=4.7.2-oak1<!-- first Oak modification of original lucence-core 4.7.2 source code, see OAK-10786 for further information --> + org.apache.lucene.*;version=4.7.2-oak2<!-- second Oak modification of original lucence-core 4.7.2 source code, see OAK-10786 for further information --> </_exportcontents> <Export-Package> org.apache.jackrabbit.oak.plugins.index.lucene, diff --git a/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java b/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java index 3dd1c87950..c088fc1c5e 100644 --- a/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java +++ b/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java @@ -43,6 +43,8 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.function.BooleanSupplier; +import java.util.function.Supplier; /** * Regular Expression extension to <code>Automaton</code>. @@ -872,23 +874,39 @@ public class RegExp { } final RegExp parseUnionExp() throws IllegalArgumentException { - RegExp e = parseInterExp(); - if (match('|')) e = makeUnion(e, parseUnionExp()); - return e; + return iterativeParseExp(this::parseInterExp, () -> match('|'), RegExp::makeUnion); } final RegExp parseInterExp() throws IllegalArgumentException { - RegExp e = parseConcatExp(); - if (check(INTERSECTION) && match('&')) e = makeIntersection(e, - parseInterExp()); - return e; + return iterativeParseExp( + this::parseConcatExp, () -> check(INTERSECTION) && match('&'), RegExp::makeIntersection); } final RegExp parseConcatExp() throws IllegalArgumentException { - RegExp e = parseRepeatExp(); - if (more() && !peek(")|") && (!check(INTERSECTION) || !peek("&"))) e = makeConcatenation( - e, parseConcatExp()); - return e; + return iterativeParseExp( + this::parseRepeatExp, + () -> (more() && !peek(")|") && (!check(INTERSECTION) || !peek("&"))), + RegExp::makeConcatenation); + } + + /** + * Custom Functional Interface for a Supplying methods with signature of RegExp(RegExp + * exp1, RegExp exp2) + */ + @FunctionalInterface + private interface MakeRegexGroup { + RegExp get(RegExp exp1, RegExp exp2); + } + + final RegExp iterativeParseExp( + Supplier<RegExp> gather, BooleanSupplier stop, MakeRegexGroup associativeReduce) + throws IllegalArgumentException { + RegExp result = gather.get(); + while (stop.getAsBoolean() == true) { + RegExp e = gather.get(); + result = associativeReduce.get(result, e); + } + return result; } final RegExp parseRepeatExp() throws IllegalArgumentException { @@ -985,7 +1003,7 @@ public class RegExp { try { if (i == 0 || i == s.length() - 1 || i != s.lastIndexOf('-')) throw new NumberFormatException(); String smin = s.substring(0, i); - String smax = s.substring(i + 1, s.length()); + String smax = s.substring(i + 1); int imin = Integer.parseInt(smin); int imax = Integer.parseInt(smax); int digits; diff --git a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java index 226f715308..dd8b4967d5 100755 --- a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java +++ b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java @@ -18,7 +18,6 @@ */ package org.apache.jackrabbit.oak.plugins.index.lucene; -import org.junit.Ignore; import org.junit.Test; /** @@ -27,7 +26,6 @@ import org.junit.Test; public class LuceneSecurityTest { @Test - @Ignore("OAK-10713") public void complexRegexp() throws Exception { // test borrowed from: https://github.com/apache/lucene/issues/11537 StringBuilder strBuilder = new StringBuilder(); diff --git a/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java b/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java index e02d1ead07..60994d65b5 100644 --- a/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java +++ b/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java @@ -22,7 +22,6 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; import org.apache.jackrabbit.oak.plugins.index.search.util.IndexDefinitionBuilder; import org.apache.jackrabbit.oak.query.AbstractQueryTest; -import org.junit.Ignore; import org.junit.Test; import java.util.List; @@ -65,7 +64,6 @@ public abstract class FullTextIndexCommonTest extends AbstractQueryTest { } @Test - @Ignore("OAK-10777") public void fullTextQueryRegExp() throws Exception { Tree index = setup(builder -> builder.indexRule("nt:base").property("propa").analyzed(), idx -> { },