From 1a7c6345aaa86fdbf1705efa36fbfce30dc6b9ef Mon Sep 17 00:00:00 2001 From: Davi Torres <90287660+daviftorres@users.noreply.github.com> Date: Tue, 31 Mar 2026 11:57:49 -0400 Subject: [PATCH] Refine regex pattern for domain path matching Updated regex pattern to escape only the '/' character while noting potential risks with the wildcard '.' character. --- server/src/main/java/com/cloud/user/DomainManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/com/cloud/user/DomainManagerImpl.java b/server/src/main/java/com/cloud/user/DomainManagerImpl.java index ac6cdcc821b..b24f169ddc0 100644 --- a/server/src/main/java/com/cloud/user/DomainManagerImpl.java +++ b/server/src/main/java/com/cloud/user/DomainManagerImpl.java @@ -1074,7 +1074,7 @@ public class DomainManagerImpl extends ManagerBase implements DomainManager, Dom for (Map.Entry> entry : idsOfDomainsWithResourcesUsedByDomainToBeMoved.entrySet()) { DomainVO domainWithResourceUsedByDomainToBeMoved = _domainDao.findById(entry.getKey()); - Pattern pattern = Pattern.compile(domainWithResourceUsedByDomainToBeMoved.getPath().replace("/", "\\/").concat(".*")); + Pattern pattern = Pattern.compile(domainWithResourceUsedByDomainToBeMoved.getPath().replace("/", "\\/").concat(".*")); // This only scaped one Regex metacharacter (/). The wildcard `.` is more common and dangerous in my opinion. Matcher matcher = pattern.matcher(newPathOfDomainToBeMoved); if (!matcher.matches()) { domainsOfResourcesInaccessibleToNewParentDomain.put(domainWithResourceUsedByDomainToBeMoved, entry.getValue());