On 08.11.2024 at 03:15, David Schlosnagle wrote:
On Thu, 7 Nov 2024 22:13:04 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

I've tried to comment on GitHub but the bot that required me to accept the
TOS doesn't seem to automatically restore it while stating the opposite in
the comment. I don't want to fight that bot so I use this way instead.

src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 127:

125:             return patternCache.computeIfAbsent(
126:                             pattern,
127:                             p -> Pattern.compile(p.replace("*", ".*")))

Do we care if one uses other regex matching characters as part of the pattern input,
e.g. should `TLS_[a-zA-Z0-9_]+` be a valid input that disables some algorithms?

I've asked myself the same thing and I think that - if that's not supposed to be
allowed - the following should solve that:

p -> Pattern.compile("^\\Q" + p.replace("*", "\\E.*\\Q") + "\\E$")


Cheers, Lothar
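
A side-by-side comparison of the two compile strategies discussed in this message, as an added example that is not part of the original mail or of the JDK sources. The class and method names, the sample entries and algorithm names, and the use of `matches()` for the comparison are assumptions; the literal variant uses `Pattern.quote()` per segment instead of hand-written `\Q...\E`.

```java
import java.util.List;
import java.util.regex.Pattern;

public class WildcardPatternDemo {

    // Behaviour of the quoted line 127: "*" becomes ".*" and every other
    // character of the configured entry reaches the regex engine unchanged.
    static Pattern naive(String entry) {
        return Pattern.compile(entry.replace("*", ".*"));
    }

    // Literal variant: only "*" is a wildcard. Each segment between wildcards
    // is quoted with Pattern.quote(), which also copes with a "\E" inside the
    // entry. split(..., -1) keeps empty segments, so a leading or trailing
    // "*" is preserved.
    static Pattern literal(String entry) {
        StringBuilder regex = new StringBuilder();
        String[] segments = entry.split("\\*", -1);
        for (int i = 0; i < segments.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            regex.append(Pattern.quote(segments[i]));
        }
        return Pattern.compile(regex.toString());
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real java.security file.
        List<String> entries = List.of(
                "TLS_*_SHA", "TLS_[a-zA-Z0-9_]+", "TLS.RSA");
        List<String> names = List.of(
                "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA",
                "TLS.RSA", "TLS_[a-zA-Z0-9_]+");

        // Report every (entry, name) pair on which the two strategies disagree,
        // i.e. where regex metacharacters in the entry change what is disabled.
        for (String entry : entries) {
            for (String name : names) {
                boolean n = naive(entry).matcher(name).matches();
                boolean l = literal(entry).matcher(name).matches();
                if (n != l) {
                    System.out.printf("%-20s %-30s naive=%b literal=%b%n",
                            entry, name, n, l);
                }
            }
        }
    }
}
```

The plain wildcard entry `TLS_*_SHA` behaves identically under both strategies; the disagreements come only from entries containing `.`, `[`, `]` or `+`.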
