Skip to content

Commit

Permalink
HPCC4J-605 Connection: Improve Invalid URL Error Message
Browse files Browse the repository at this point in the history
- Added explicit check for underscores in hostname

Signed-off-by: James McMullan [email protected]
  • Loading branch information
jpmcmu committed May 29, 2024
1 parent 58e2f45 commit cc42093
Showing 1 changed file with 24 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Base64.Encoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
Expand Down Expand Up @@ -287,7 +289,28 @@ public static boolean isSslProtocol(String protocol)
*/
public Connection(String connectionstring) throws MalformedURLException
{
URL theurl = new URL(connectionstring);
URL theurl = null;
try
{
theurl = new URL(connectionstring);
}
catch (MalformedURLException e)
{
Pattern urlPattern = Pattern.compile("((https?|ftp|file):\\/\\/)?(([\\da-z\\.-_]+)\\.([a-z\\.]{2,6}))(:\\d{2,6})?([\\/\\w \\.-]*)*\\/?");

Check failure

Code scanning / CodeQL

Inefficient regular expression High

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' '.
Matcher matcher = urlPattern.matcher(connectionstring);
if (matcher.matches())
{
String hostName = matcher.group(3);
if (hostName.contains("_"))
{
throw new MalformedURLException("Invalid URL: Check hostname for invalid underscores: '" + connectionstring + "': " + e.getMessage());
}
}
else
{
throw e;
}
}

setProtocol(theurl.getProtocol());

Expand Down

0 comments on commit cc42093

Please sign in to comment.