You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by ah...@apache.org on 2021/01/14 12:54:37 UTC
[isis] branch master updated: ISIS-2297: fixes potential denial of
service attack vectors (sonar)
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 6cae937 ISIS-2297: fixes potential denial of service attack vectors (sonar)
6cae937 is described below
commit 6cae937f9e46621b6f2d84cc5c9390112865e8b7
Author: Andi Huber <ah...@apache.org>
AuthorDate: Thu Jan 14 13:53:46 2021 +0100
ISIS-2297: fixes potential denial of service attack vectors (sonar)
---
.../main/java/org/apache/isis/applib/services/xactn/TransactionId.java | 3 +++
commons/src/main/java/org/apache/isis/commons/having/HasUniqueId.java | 2 +-
.../src/main/java/org/apache/isis/core/config/IsisConfiguration.java | 2 +-
.../org/apache/isis/core/metamodel/adapter/oid/Oid_Marshaller.java | 2 +-
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/api/applib/src/main/java/org/apache/isis/applib/services/xactn/TransactionId.java b/api/applib/src/main/java/org/apache/isis/applib/services/xactn/TransactionId.java
index ea1785f..f6acb02 100644
--- a/api/applib/src/main/java/org/apache/isis/applib/services/xactn/TransactionId.java
+++ b/api/applib/src/main/java/org/apache/isis/applib/services/xactn/TransactionId.java
@@ -31,6 +31,9 @@ import lombok.Value;
@Value(staticConstructor = "of")
public final class TransactionId implements HasUniqueId {
+ /**
+ * The unique identifier of the request/interaction.
+ */
private final UUID uniqueId;
/**
diff --git a/commons/src/main/java/org/apache/isis/commons/having/HasUniqueId.java b/commons/src/main/java/org/apache/isis/commons/having/HasUniqueId.java
index 94ee596..305a35d 100644
--- a/commons/src/main/java/org/apache/isis/commons/having/HasUniqueId.java
+++ b/commons/src/main/java/org/apache/isis/commons/having/HasUniqueId.java
@@ -27,7 +27,7 @@ import java.util.UUID;
public interface HasUniqueId {
/**
- * The unique identifier (a GUID) of the request/interaction/transaction.
+ * A unique identifier (a GUID).
*/
UUID getUniqueId();
diff --git a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
index 6692f6e..3b1402f 100644
--- a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
+++ b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
@@ -1997,7 +1997,7 @@ public class IsisConfiguration {
* If set, eg <code>https://dev.myapp.com/</code>, then this value will be used instead.
* </p>
*/
- @javax.validation.constraints.Pattern(regexp="^http[s]?://[^:]+?(:\\d+)?/([^/]+/)*$")
+ @javax.validation.constraints.Pattern(regexp="^http[s]?://[^:]+?(:\\d+)?/([^/]+/)*+$")
private Optional<String> baseUri = Optional.empty();
}
diff --git a/core/metamodel/src/main/java/org/apache/isis/core/metamodel/adapter/oid/Oid_Marshaller.java b/core/metamodel/src/main/java/org/apache/isis/core/metamodel/adapter/oid/Oid_Marshaller.java
index 2b73e03..3f4ad97 100644
--- a/core/metamodel/src/main/java/org/apache/isis/core/metamodel/adapter/oid/Oid_Marshaller.java
+++ b/core/metamodel/src/main/java/org/apache/isis/core/metamodel/adapter/oid/Oid_Marshaller.java
@@ -109,7 +109,7 @@ final class Oid_Marshaller implements Oid.Marshaller, Oid.Unmarshaller {
WORD_GROUP + SEPARATOR + WORD_GROUP +
")" +
"(" +
- "(" + SEPARATOR_NESTING + WORD + SEPARATOR + WORD + ")*" + // nesting of aggregates
+ "(" + SEPARATOR_NESTING + WORD + SEPARATOR + WORD + ")*+" + // nesting of aggregates
")" +
")" +
"(" + "[" + SEPARATOR_PARENTED + "]" + WORD + ")?" + // optional collection name