...
This program searches a log of previous searches for entries that match a regular expression built from the user's input, in order to present search suggestions to the user.
A non-malicious use would be to enter "Bono". A malicious use would be to enter "?:)(^Bono,[0-9]+?,[0-9]+?$)|(?:". The outer parentheses defeat the grouping protection: the leading ?:) closes the parenthesis the program opened, and the trailing (?: opens one that the program's own closing parenthesis completes, so the attacker controls what capture group 1 contains. This use now reveals all times and IPs at which the keyword "Bono" was searched. The OR operator (|) allows injection of any arbitrary regex.
```java
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.Set;
import java.util.HashSet;

public class ForumUserMan {
    /* Say this logfile contains:
     * CSV style: search string, time (unix), ip (integer)
     *
     * Alice,1267773881,2147651708
     * Bono,1267774881,2147651708
     * Charles,1267775881,1175563058
     *
     * and the CSVLog class has a readLine() method which retrieves a single
     * line from the CSVLog and returns null when at EOF
     */
    interface CSVLog {
        String readLine(); // minimal declaration matching the description above
    }

    private final CSVLog logfile;

    public ForumUserMan(CSVLog logfile) {
        this.logfile = logfile;
    }

    // an application repeatedly calls this function, which searches through
    // the search log for search suggestions for autocompletion
    public Set<String> suggestSearches(String search) {
        Set<String> searches = new HashSet<String>();
        // construct the regex from the user's string: it matches valid lines, and
        // the grouping characters are supposed to limit the returned text to the
        // search string
        String regex = "^(" + search + "),[0-9]+?,[0-9]+?$";
        Pattern p = Pattern.compile(regex, 0);
        String s;
        while ((s = logfile.readLine()) != null) { // gets a single line from the logfile
            Matcher m = p.matcher(s);
            if (m.find()) {
                String found = m.group(1);
                searches.add(found);
            }
        }
        return searches;
    }
}
```
With the malicious input, the compiled pattern becomes ^(?:)(^Bono,[0-9]+?,[0-9]+?$)|(?:),[0-9]+?,[0-9]+?$. The first alternative matches the whole "Bono" line, and because the attacker's parentheses are now the first capture group, m.group(1) returns the entire line, including the time and the IP, rather than just the search string. For lines that only match the second alternative, group 1 does not participate in the match and m.group(1) is null, which the HashSet silently accepts; the caller therefore receives a null entry alongside the leaked record.
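The following is an added example and is not code from the original page: it runs the same noncompliant search against an in-memory copy of the three constructed log lines, next to a hardened version that passes the untrusted input through Pattern.quote() so every character is treated literally. The class name, the RegexInjectionDemo methods and the allow-list pattern [A-Za-z0-9 ]{1,64} are assumptions made for the illustration, not part of the page's program.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not from the original page): the injection from the text
// against an in-memory log, beside a quoted, allow-listed version of the search.
public class RegexInjectionDemo {
    // Constructed sample log: search string, unix time, ip (integer)
    static final List<String> LOG = Arrays.asList(
        "Alice,1267773881,2147651708",
        "Bono,1267774881,2147651708",
        "Charles,1267775881,1175563058");

    // Noncompliant: untrusted input is concatenated straight into the pattern.
    static Set<String> suggestSearchesUnsafe(String search) {
        Set<String> searches = new HashSet<>();
        Pattern p = Pattern.compile("^(" + search + "),[0-9]+?,[0-9]+?$");
        for (String line : LOG) {
            Matcher m = p.matcher(line);
            if (m.find()) {
                // null when only an injected alternative matched and group 1 did not take part
                searches.add(m.group(1));
            }
        }
        return searches;
    }

    // Hardened: reject input outside an allow-list (an assumed policy for a search
    // box), then quote what remains so that metacharacters cannot alter the pattern.
    // Pattern.quote() wraps the text in \Q...\E and correctly handles a literal \E
    // inside the input.
    static Set<String> suggestSearchesSafe(String search) {
        Set<String> searches = new HashSet<>();
        if (!search.matches("[A-Za-z0-9 ]{1,64}")) {
            return searches; // reject rather than attempt to repair the input
        }
        Pattern p = Pattern.compile("^(" + Pattern.quote(search) + "),[0-9]+?,[0-9]+?$");
        for (String line : LOG) {
            Matcher m = p.matcher(line);
            if (m.find()) {
                searches.add(m.group(1)); // never null: group 1 is the quoted search term
            }
        }
        return searches;
    }

    public static void main(String[] args) {
        String benign = "Bono";
        String malicious = "?:)(^Bono,[0-9]+?,[0-9]+?$)|(?:";
        System.out.println("unsafe, benign:    " + suggestSearchesUnsafe(benign));    // [Bono]
        System.out.println("unsafe, malicious: " + suggestSearchesUnsafe(malicious)); // [null, Bono,1267774881,2147651708]
        System.out.println("safe, benign:      " + suggestSearchesSafe(benign));      // [Bono]
        System.out.println("safe, malicious:   " + suggestSearchesSafe(malicious));   // []
    }
}
```

Quoting alone closes the injection; the allow-list is a second, independent control that also keeps out inputs such as long runs of metacharacters that could drive pathological backtracking. Whichever approach is used, the untrusted string must be neutralised before, not after, it is spliced into the pattern.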
...