This is an automated email from the ASF dual-hosted git repository. kxiao pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/doris.git
commit 0425a847b032d952c66b2dbc04ff78f25fa25663
Author: DongLiang-0 <[email protected]>
AuthorDate: Sun Oct 8 12:18:20 2023 +0800
[fix](auth)fix use regex verify mysql password may cause backtracking (#24900)
---
 .../java/org/apache/doris/mysql/MysqlPassword.java | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
index 91b0255f52a..cc90d7ad8ea 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java
@@ -30,6 +30,8 @@ import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Random;
+import java.util.Set;
+import java.util.stream.Collectors;
 // this is stolen from MySQL //
@@ -82,6 +84,12 @@ public class MysqlPassword {
 private static final byte[] DIG_VEC_UPPER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
 private static final Random random = new Random(System.currentTimeMillis());
+ private static final Set<Character> complexCharSet;
+ public static final int MIN_PASSWORD_LEN = 8;
+
+ static {
+ complexCharSet = "~!@#$%^&*()_+|<>,.?/:;'[]{}".chars().mapToObj(c -> (char) c).collect(Collectors.toSet());
+ }
 public static byte[] createRandomString(int len) {
 byte[] bytes = new byte[len];
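Review bot: The `complexCharSet` literal added in the `-82,6 +84,12` hunk omits the double quote that the removed `REG_SYMBOL` character class accepted (`{}\"]`), so under the STRONG policy a password whose only symbol is `"` no longer earns the symbol category. If that narrowing is not intended, restore the character in the literal: `"~!@#$%^&*()_+|<>,.?/:;'[]{}\""`. Separately, the unchanged context line `new Random(System.currentTimeMillis())` feeds `createRandomString`, whose body continues outside the hunk; if its output serves as an authentication challenge or salt (not visible here), `java.security.SecureRandom` would be the appropriate source.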
@@ -280,12 +288,6 @@ public class MysqlPassword {
 return passwd;
 }
- public static final String REG_NUMBER = ".*\\d+.*";
- public static final String REG_UPPERCASE = ".*[A-Z]+.*";
- public static final String REG_LOWERCASE = ".*[a-z]+.*";
- public static final String REG_SYMBOL = ".*[~!@#$%^&*()_+|<>,.?/:;'\\[\\]{}\"]+.*";
- public static final int MIN_PASSWORD_LEN = 8;
-
 public static void validatePlainPassword(long validaPolicy, String text) throws AnalysisException {
 if (validaPolicy == GlobalVariable.VALIDATE_PASSWORD_POLICY_STRONG) {
 if (Strings.isNullOrEmpty(text) || text.length() < MIN_PASSWORD_LEN) {
@@ -294,16 +296,16 @@ public class MysqlPassword {
 }
 int i = 0;
- if (text.matches(REG_NUMBER)) {
+ if (text.chars().anyMatch(Character::isDigit)) {
 i++;
 }
- if (text.matches(REG_LOWERCASE)) {
+ if (text.chars().anyMatch(Character::isLowerCase)) {
 i++;
 }
- if (text.matches(REG_UPPERCASE)) {
+ if (text.chars().anyMatch(Character::isUpperCase)) {
 i++;
 }
- if (text.matches(REG_SYMBOL)) {
+ if (text.chars().anyMatch(c -> complexCharSet.contains((char) c))) {
 i++;
 }
 if (i < 3) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
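Review bot: The replacement checks in the `-294,16 +296,16` hunk change which characters satisfy each class, not only how they are matched: `Character::isDigit`, `Character::isLowerCase` and `Character::isUpperCase` are Unicode-aware, whereas the removed `\\d`, `[a-z]` and `[A-Z]` patterns were ASCII-only in Java's default regex mode. A password can therefore reach `i >= 3` with non-ASCII letters or digits that the previous policy did not count. If the STRONG policy is meant to stay ASCII-based, use explicit range checks such as `text.chars().anyMatch(c -> c >= '0' && c <= '9')`; otherwise state the intended character classes in a comment above the four checks. validatePlainPassword begins in the preceding hunk and continues past the end of this one.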
