You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (JIRA)" <ji...@apache.org> on 2019/04/08 08:16:00 UTC

[jira] [Assigned] (SYNCOPE-1457) NonAlphaNumeric policy pattern matches the "Not word" character class

     [ https://issues.apache.org/jira/browse/SYNCOPE-1457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò reassigned SYNCOPE-1457:
-----------------------------------------------

             Assignee: Francesco Chicchiriccò
    Affects Version/s: 2.1.3
        Fix Version/s: 3.0.0
                       2.1.4
                       2.0.13

> NonAlphaNumeric policy pattern matches the "Not word" character class
> ---------------------------------------------------------------------
>
>                 Key: SYNCOPE-1457
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1457
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.12, 2.1.3
>            Reporter: Dmitriy
>            Assignee: Francesco Chicchiriccò
>            Priority: Minor
>             Fix For: 2.0.13, 2.1.4, 3.0.0
>
>
> Non-alphanumeric characters look like this https://wci.llnl.gov/codes/basis/manual/node161.html
> Seems, that next patterns are incorrect: 
> {code:java}
> org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#NON_ALPHANUMERIC = Pattern.compile(".*\\W.*");
>     p org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#FIRST_NON_ALPHANUMERIC = Pattern.compile("\\W.*");
>    org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern#LAST_NON_ALPHANUMERIC = Pattern.compile(".*\\W");
> {code}
> Looks like these pattern should be anyhow symmetric to the:
> {code:java}
>  org.apache.syncope.core.spring.security.DefaultPasswordGenerator#SPECIAL_CHARS = { '!', '£', '%', '&', '(', ')', '?', '#', '$' };
> {code}
> Maybe these patterns should look like these: 
> {code:java}
> private static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|].*");
> private static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*[~!@#$%^&*_\\-`(){}\\[\\]:;\"'<>,.?/\\=\\+\\\\\\|]");
> {code}
>     



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)