🐛 Prevent unintended regex interpretation issues when processing mong…

…o-mount mapped URIs in MongoRequest
SoftInstigate · Feb 24, 2025 · cdbee84 · cdbee84
1 parent 56e28ec
commit cdbee84
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/commons/src/main/java/org/restheart/exchange/MongoRequest.java b/commons/src/main/java/org/restheart/exchange/MongoRequest.java
@@ -27,6 +27,7 @@
 import java.util.Deque;
 import java.util.Map;
 import java.util.Optional;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import org.bson.BsonArray;
@@ -491,15 +492,21 @@ private String unmapUri(String mappedUri) {
         }
     }
 
+    Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\].+*?^$\\\\|]");
+
+    String escapeSpecialRegexChars(String str) {
+        return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
+    }
+
     private String unmapPathUri(String mappedUri) {
         var ret = URLUtils.removeTrailingSlashes(mappedUri);
 
         if (whatUri.equals("*")) {
             if (!this.whereUri.equals(SLASH)) {
-                ret = ret.replaceFirst("^" + this.whereUri, "");
+                ret = ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), "");
             }
         } else if (!this.whereUri.equals(SLASH)) {
-            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + this.whereUri, this.whatUri));
+            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whereUri), this.whatUri));
         } else {
             ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(this.whatUri) + ret);
         }
@@ -518,10 +525,11 @@ private String unmapPathTemplateUri(String mappedUri) {
         // now replace mappedUri with resolved path template
         if (replacedWhatUri.equals("*")) {
             if (!this.whereUri.equals(SLASH)) {
-                ret = ret.replaceFirst("^" + rewriteUri, "");
+                ret = ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), "");
             }
         } else if (!this.whereUri.equals(SLASH)) {
-            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + rewriteUri, replacedWhatUri));
+            var x = rewriteUri;
+            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(rewriteUri), replacedWhatUri));
         } else {
             ret = URLUtils.removeTrailingSlashes(URLUtils.removeTrailingSlashes(replacedWhatUri) + ret);
         }
@@ -553,7 +561,7 @@ private String mapPathUri(String unmappedUri) {
                 return this.whereUri + unmappedUri;
             }
         } else {
-            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + this.whatUri, this.whereUri));
+            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(this.whatUri), this.whereUri));
         }
 
         if (ret.isEmpty()) {
@@ -576,7 +584,7 @@ private String mapPathTemplateUri(String unmappedUri) {
                 return rewriteUri + unmappedUri;
             }
         } else {
-            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + replacedWhatUri, rewriteUri));
+            ret = URLUtils.removeTrailingSlashes(ret.replaceFirst("^" + escapeSpecialRegexChars(replacedWhatUri), rewriteUri));
         }
 
         return ret.isEmpty() ? SLASH : ret;