OperatorMatches flags misguided evaluation attempts as FLAWED_PATTERN

Issue: SPR-16731

(cherry picked from commit d4a55a2)

Author: jhoeller

spring-context/src/main/java/org/springframework/cache/interceptor/VariableNotAvailableException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,13 +30,15 @@ class VariableNotAvailableException extends EvaluationException {
 
 	private final String name;
 
+
 	public VariableNotAvailableException(String name) {
-		super("Variable '" + name + "' is not available");
+		super("Variable not available");
 		this.name = name;
 	}
 
 
-	public String getName() {
+	public final String getName() {
 		return this.name;
 	}
+
 }

spring-expression/src/main/java/org/springframework/expression/spel/SpelMessage.java

@@ -57,13 +57,13 @@ public enum SpelMessage {
 			"Property or field ''{0}'' cannot be found on null"),
 
 	PROPERTY_OR_FIELD_NOT_READABLE(Kind.ERROR, 1008,
-			"Property or field ''{0}'' cannot be found on object of type ''{1}'' - maybe not public?"),
+			"Property or field ''{0}'' cannot be found on object of type ''{1}'' - maybe not public or not valid?"),
 
 	PROPERTY_OR_FIELD_NOT_WRITABLE_ON_NULL(Kind.ERROR, 1009,
 			"Property or field ''{0}'' cannot be set on null"),
 
 	PROPERTY_OR_FIELD_NOT_WRITABLE(Kind.ERROR, 1010,
-			"Property or field ''{0}'' cannot be set on object of type ''{1}'' - maybe not public?"),
+			"Property or field ''{0}'' cannot be set on object of type ''{1}'' - maybe not public or not writable?"),
 
 	METHOD_CALL_ON_NULL_OBJECT_NOT_ALLOWED(Kind.ERROR, 1011,
 			"Method call: Attempted to call method {0} on null context object"),
@@ -156,7 +156,7 @@ public enum SpelMessage {
 	NOT_A_REAL(Kind.ERROR, 1040,
 			"The value ''{0}'' cannot be parsed as a double"),
 
-	MORE_INPUT(Kind.ERROR,1041,
+	MORE_INPUT(Kind.ERROR, 1041,
 			"After parsing a valid expression, there is still more data in the expression: ''{0}''"),
 
 	RIGHT_OPERAND_PROBLEM(Kind.ERROR, 1042,
@@ -226,30 +226,36 @@ public enum SpelMessage {
 			"A required array dimension has not been specified"),
 
 	INITIALIZER_LENGTH_INCORRECT(Kind.ERROR, 1064,
-			"array initializer size does not match array dimensions"),
+			"Array initializer size does not match array dimensions"),
 
-	UNEXPECTED_ESCAPE_CHAR(Kind.ERROR, 1065, "unexpected escape character."),
+	UNEXPECTED_ESCAPE_CHAR(Kind.ERROR, 1065,
+			"Unexpected escape character"),
 
 	OPERAND_NOT_INCREMENTABLE(Kind.ERROR, 1066,
-			"the expression component ''{0}'' does not support increment"),
+			"The expression component ''{0}'' does not support increment"),
 
 	OPERAND_NOT_DECREMENTABLE(Kind.ERROR, 1067,
-			"the expression component ''{0}'' does not support decrement"),
+			"The expression component ''{0}'' does not support decrement"),
 
 	NOT_ASSIGNABLE(Kind.ERROR, 1068,
-			"the expression component ''{0}'' is not assignable"),
+			"The expression component ''{0}'' is not assignable"),
 
 	MISSING_CHARACTER(Kind.ERROR, 1069,
-			"missing expected character ''{0}''"),
+			"Missing expected character ''{0}''"),
 
 	LEFT_OPERAND_PROBLEM(Kind.ERROR, 1070,
 			"Problem parsing left operand"),
 
 	MISSING_SELECTION_EXPRESSION(Kind.ERROR, 1071,
 			"A required selection expression has not been specified"),
 
-	EXCEPTION_RUNNING_COMPILED_EXPRESSION(Kind.ERROR,1072,
-			"An exception occurred whilst evaluating a compiled expression");
+	/** @since 4.1 */
+	EXCEPTION_RUNNING_COMPILED_EXPRESSION(Kind.ERROR, 1072,
+			"An exception occurred whilst evaluating a compiled expression"),
+
+	/** @since 4.3.17 */
+	FLAWED_PATTERN(Kind.ERROR, 1073,
+			"Failed to efficiently evaluate pattern ''{0}'': consider redesigning it");
 
 
 	private final Kind kind;

spring-expression/src/main/java/org/springframework/expression/spel/ast/OperatorMatches.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,6 +40,8 @@
  */
 public class OperatorMatches extends Operator {
 
+	private static final int PATTERN_ACCESS_THRESHOLD = 1000000;
+
 	private final ConcurrentMap<String, Pattern> patternCache = new ConcurrentHashMap<String, Pattern>();
 
 
@@ -60,10 +62,10 @@ public OperatorMatches(int pos, SpelNodeImpl... operands) {
 	public BooleanTypedValue getValueInternal(ExpressionState state) throws EvaluationException {
 		SpelNodeImpl leftOp = getLeftOperand();
 		SpelNodeImpl rightOp = getRightOperand();
-		Object left = leftOp.getValue(state, String.class);
-		Object right = getRightOperand().getValueInternal(state).getValue();
+		String left = leftOp.getValue(state, String.class);
+		Object right = getRightOperand().getValue(state);
 
-		if (!(left instanceof String)) {
+		if (left == null) {
 			throw new SpelEvaluationException(leftOp.getStartPosition(),
 					SpelMessage.INVALID_FIRST_OPERAND_FOR_MATCHES_OPERATOR, left);
 		}
@@ -73,18 +75,65 @@ public BooleanTypedValue getValueInternal(ExpressionState state) throws Evaluati
 		}
 
 		try {
-			String leftString = (String) left;
 			String rightString = (String) right;
 			Pattern pattern = this.patternCache.get(rightString);
 			if (pattern == null) {
 				pattern = Pattern.compile(rightString);
 				this.patternCache.putIfAbsent(rightString, pattern);
 			}
-			Matcher matcher = pattern.matcher(leftString);
+			Matcher matcher = pattern.matcher(new MatcherInput(left, new AccessCount()));
 			return BooleanTypedValue.forValue(matcher.matches());
 		}
 		catch (PatternSyntaxException ex) {
-			throw new SpelEvaluationException(rightOp.getStartPosition(), ex, SpelMessage.INVALID_PATTERN, right);
+			throw new SpelEvaluationException(
+					rightOp.getStartPosition(), ex, SpelMessage.INVALID_PATTERN, right);
+		}
+		catch (IllegalStateException ex) {
+			throw new SpelEvaluationException(
+					rightOp.getStartPosition(), ex, SpelMessage.FLAWED_PATTERN, right);
+		}
+	}
+
+
+	private static class AccessCount {
+
+		private int count;
+
+		public void check() throws IllegalStateException {
+			if (this.count++ > PATTERN_ACCESS_THRESHOLD) {
+				throw new IllegalStateException("Pattern access threshold exceeded");
+			}
+		}
+	}
+
+
+	private static class MatcherInput implements CharSequence {
+
+		private final CharSequence value;
+
+		private AccessCount access;
+
+		public MatcherInput(CharSequence value, AccessCount access) {
+			this.value = value;
+			this.access = access;
+		}
+
+		public char charAt(int index) {
+			this.access.check();
+			return this.value.charAt(index);
+		}
+
+		public CharSequence subSequence(int start, int end) {
+			return new MatcherInput(this.value.subSequence(start, end), this.access);
+		}
+
+		public int length() {
+			return this.value.length();
+		}
+
+		@Override
+		public String toString() {
+			return this.value.toString();
 		}
 	}
 

spring-expression/src/test/java/org/springframework/expression/spel/EvaluationTests.java

@@ -194,6 +194,22 @@ public void testRelOperatorsMatches05() {
 		evaluate("27 matches '^.*2.*$'", true, Boolean.class);  // conversion int>string
 	}
 
+	@Test  // SPR-16731
+	public void testMatchesWithPatternAccessThreshold() {
+		String pattern = "^(?=[a-z0-9-]{1,47})([a-z0-9]+[-]{0,1}){1,47}[a-z0-9]{1}$";
+		String expression = "'abcde-fghijklmn-o42pasdfasdfasdf.qrstuvwxyz10x.xx.yyy.zasdfasfd' matches \'" + pattern + "\'";
+		Expression expr = parser.parseExpression(expression);
+		try {
+			expr.getValue();
+			fail("Should have exceeded threshold");
+		}
+		catch (EvaluationException ee) {
+			SpelEvaluationException see = (SpelEvaluationException) ee;
+			assertEquals(SpelMessage.FLAWED_PATTERN, see.getMessageCode());
+			assertTrue(see.getCause() instanceof IllegalStateException);
+		}
+	}
+
 	// mixing operators
 	@Test
 	public void testMixingOperators01() {