walterddr commented on code in PR #8893:
URL: https://github.com/apache/pinot/pull/8893#discussion_r910541056


##########
pinot-common/src/main/java/org/apache/pinot/common/utils/RegexpPatternConverterUtils.java:
##########
@@ -33,7 +33,49 @@ private RegexpPatternConverterUtils() {
    * Converts a LIKE pattern into REGEXP_LIKE pattern.
    */
   public static String likeToRegexpLike(String likePattern) {
-    return "^" + escapeMetaCharacters(likePattern).replace('_', 
'.').replace("%", ".*") + "$";
+    int start = 0;
+    int end = likePattern.length();
+    String prefix = "^";
+    String suffix = "$";
+    switch (likePattern.length()) {
+      case 0:
+        return "^$";
+      case 1:
+        if (likePattern.charAt(0) == '%') {
+          return "^.*$";
+        }
+        break;
+      default:
+        if (likePattern.charAt(0) == '%') {
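
Review bot: The default branch's `if (likePattern.charAt(0) == '%')` inspects only the first character, and `case 1` special-cases exactly one `%`, so nothing in the visible lines handles a run of consecutive `%`. A pattern such as `%%` has length 2, misses the `^.*$` shortcut, and reaches the default branch with only its leading `%` examined. Consider collapsing runs of unescaped `%` into a single `%` before the `switch`, so the length cases see the normalized pattern and repeated wildcards are not each translated to `.*` the way the removed `replace("%", ".*")` line did. The Javadoc still reads only "Converts a LIKE pattern into REGEXP_LIKE pattern"; it should also document the special cases added here (empty pattern, single `%`).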

Review Comment:
   Do we plan to optimize something similar to
   ```
   LIKE '%%%%%%%%%%%%%zz'
   REGEXP_LIKE(col, '((((((.*)*)*)*)*)*)*zz')
   ```
   
   listed in this [blog](https://blog.doyensec.com/2022/06/09/apache-pinot-sqli-rce.html)?


