(jackrabbit-oak) branch trunk updated: OAK-10787: oak-lucene: backport fix for lucene-core vulnerability (#1443)

reschke Wed, 15 May 2024 20:59:08 -0700

This is an automated email from the ASF dual-hosted git repository.

reschke pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git



The following commit(s) were added to refs/heads/trunk by this push:
     new 283a1d7fea OAK-10787: oak-lucene: backport fix for lucene-core 
vulnerability (#1443)
283a1d7fea is described below

commit 283a1d7fea23fdceff8dda6e88b059d6990eff09
Author: Julian Reschke <resc...@apache.org>
AuthorDate: Thu May 16 05:58:54 2024 +0200

    OAK-10787: oak-lucene: backport fix for lucene-core vulnerability (#1443)
    
    * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - 
include copy of lucene-core 4.7.2 (g...@github.com:apache/lucene.git, tag 
releases/lucene-solr/4.7.2, path lucene/core/src/java)
    
    * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - fix 
two issues JDK 11 incompatibility
    
    * OAK-10786: oak-lucene: use copy of lucene-core 4.7.2 source code - remove 
lucene-core dependency
    
    * OAK-10786: add a comment about where the code originates from
    
    * OAK-10786: bump exported lucene package version to clarify that this is 
Oak's fork
    
    * OAK-10786: add copies of 
META-INF/services/org.apache.lucene.codecs.DocValuesFormat and 
META-INF/services/org.apache.lucene.codecs.PostingsFormat
    
    * OAK-10787: oak-lucene: backport fix for lucene-core vulnerability
---
 oak-lucene/pom.xml                                 |  2 +-
 .../org/apache/lucene/util/automaton/RegExp.java   | 42 +++++++++++++++-------
 .../plugins/index/lucene/LuceneSecurityTest.java   |  2 --
 .../oak/plugins/index/FullTextIndexCommonTest.java |  2 --
 4 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/oak-lucene/pom.xml b/oak-lucene/pom.xml
index c1f080d0c4..aa19373e98 100644
--- a/oak-lucene/pom.xml
+++ b/oak-lucene/pom.xml
@@ -107,7 +107,7 @@
             <_exportcontents>
               !org.apache.lucene.queryparser.xml,
               !org.apache.lucene.queryparser.xml.builders,
-              org.apache.lucene.*;version=4.7.2-oak1<!-- first Oak 
modification of original lucence-core 4.7.2 source code, see OAK-10786 for 
further information -->
+              org.apache.lucene.*;version=4.7.2-oak2<!-- second Oak 
modification of original lucence-core 4.7.2 source code, see OAK-10786 for 
further information -->
             </_exportcontents>
             <Export-Package>
                 org.apache.jackrabbit.oak.plugins.index.lucene,
diff --git 
a/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java 
b/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java
index 3dd1c87950..c088fc1c5e 100644
--- a/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java
+++ b/oak-lucene/src/main/java/org/apache/lucene/util/automaton/RegExp.java
@@ -43,6 +43,8 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.BooleanSupplier;
+import java.util.function.Supplier;
 
 /**
  * Regular Expression extension to <code>Automaton</code>.
@@ -872,23 +874,39 @@ public class RegExp {
   }
   
   final RegExp parseUnionExp() throws IllegalArgumentException {
-    RegExp e = parseInterExp();
-    if (match('|')) e = makeUnion(e, parseUnionExp());
-    return e;
+    return iterativeParseExp(this::parseInterExp, () -> match('|'), 
RegExp::makeUnion);
   }
   
   final RegExp parseInterExp() throws IllegalArgumentException {
-    RegExp e = parseConcatExp();
-    if (check(INTERSECTION) && match('&')) e = makeIntersection(e,
-        parseInterExp());
-    return e;
+    return iterativeParseExp(
+      this::parseConcatExp, () -> check(INTERSECTION) && match('&'), 
RegExp::makeIntersection);
   }
   
   final RegExp parseConcatExp() throws IllegalArgumentException {
-    RegExp e = parseRepeatExp();
-    if (more() && !peek(")|") && (!check(INTERSECTION) || !peek("&"))) e = 
makeConcatenation(
-        e, parseConcatExp());
-    return e;
+    return iterativeParseExp(
+      this::parseRepeatExp,
+        () -> (more() && !peek(")|") && (!check(INTERSECTION) || !peek("&"))),
+        RegExp::makeConcatenation);
+    }
+  
+  /**
+   * Custom Functional Interface for a Supplying methods with signature of 
RegExp(RegExp
+   * exp1, RegExp exp2)
+   */
+  @FunctionalInterface
+  private interface MakeRegexGroup {
+    RegExp get(RegExp exp1, RegExp exp2);
+  }
+
+  final RegExp iterativeParseExp(
+      Supplier<RegExp> gather, BooleanSupplier stop, MakeRegexGroup 
associativeReduce)
+      throws IllegalArgumentException {
+    RegExp result = gather.get();
+    while (stop.getAsBoolean() == true) {
+      RegExp e = gather.get();
+      result = associativeReduce.get(result, e);
+    }
+    return result;
   }
   
   final RegExp parseRepeatExp() throws IllegalArgumentException {
@@ -985,7 +1003,7 @@ public class RegExp {
         try {
           if (i == 0 || i == s.length() - 1 || i != s.lastIndexOf('-')) throw 
new NumberFormatException();
           String smin = s.substring(0, i);
-          String smax = s.substring(i + 1, s.length());
+          String smax = s.substring(i + 1);
           int imin = Integer.parseInt(smin);
           int imax = Integer.parseInt(smax);
           int digits;
diff --git 
a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
 
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
index 226f715308..dd8b4967d5 100755
--- 
a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
+++ 
b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/plugins/index/lucene/LuceneSecurityTest.java
@@ -18,7 +18,6 @@
  */
 package org.apache.jackrabbit.oak.plugins.index.lucene;
 
-import org.junit.Ignore;
 import org.junit.Test;
 
 /**
@@ -27,7 +26,6 @@ import org.junit.Test;
 public class LuceneSecurityTest {
 
     @Test
-    @Ignore("OAK-10713")
     public void complexRegexp() throws Exception {
         // test borrowed from: https://github.com/apache/lucene/issues/11537
         StringBuilder strBuilder = new StringBuilder();
diff --git 
a/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java
 
b/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java
index e02d1ead07..60994d65b5 100644
--- 
a/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java
+++ 
b/oak-search/src/test/java/org/apache/jackrabbit/oak/plugins/index/FullTextIndexCommonTest.java
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants;
 import 
org.apache.jackrabbit.oak.plugins.index.search.util.IndexDefinitionBuilder;
 import org.apache.jackrabbit.oak.query.AbstractQueryTest;
-import org.junit.Ignore;
 import org.junit.Test;
 
 import java.util.List;
@@ -65,7 +64,6 @@ public abstract class FullTextIndexCommonTest extends 
AbstractQueryTest {
     }
 
     @Test
-    @Ignore("OAK-10777")
     public void fullTextQueryRegExp() throws Exception {
         Tree index = setup(builder -> 
builder.indexRule("nt:base").property("propa").analyzed(), idx -> {
                 },

(jackrabbit-oak) branch trunk updated: OAK-10787: oak-lucene: backport fix for lucene-core vulnerability (#1443)

Reply via email to