Precompile regular expression in UnixCrypt.crypt(byte[], String)

apache · Oct 26, 2023 · 36ab02f · 36ab02f
1 parent 8e1bc74
commit 36ab02f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -50,7 +50,8 @@ The <action> type attribute can be add,update,fix,remove.
       <action                   dev="ggregory" type="fix" due-to="step-security-bot, Gary Gregory">[StepSecurity] ci: Harden GitHub Actions #187.</action>
       <action issue="CODEC-295" dev="ggregory" type="fix" due-to="Evan Saulpaugh">Correct error in Base64 Javadoc #188.</action>
       <action issue="CODEC-295" dev="ggregory" type="fix" due-to="Olivier Jaquemet, Gary Gregory">Add minimum Java version in changes.xml #186.</action>
-      <action issue="CODEC-310" dev="ggregory" type="fix" due-to="Yakov Shafranovich">Documentation update for the org.apache.commons.codec.digest.* package #208 .</action>
+      <action issue="CODEC-310" dev="ggregory" type="fix" due-to="Yakov Shafranovich">Documentation update for the org.apache.commons.codec.digest.* package #208.</action>
+      <action                   dev="ggregory" type="fix" due-to="Gary Gregory">Precompile regular expression in UnixCrypt.crypt(byte[], String).</action>
       <!-- UPDATE -->    
       <action                   dev="ggregory" type="update" due-to="Dependabot, Gary Gregory">Bump commons-parent from 58 to 64.</action>
       <action                   dev="ggregory" type="update" due-to="Gary Gregory">Bump commons-lang3 from 3.12.0 to 3.13.0.</action>      

diff --git a/src/main/java/org/apache/commons/codec/digest/UnixCrypt.java b/src/main/java/org/apache/commons/codec/digest/UnixCrypt.java
@@ -19,6 +19,7 @@
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import java.util.regex.Pattern;
 
 /**
  * Unix crypt(3) algorithm implementation.
@@ -42,6 +43,9 @@
  */
 public class UnixCrypt {
 
+    private static final String CRYPT_SALT_REGEX = "^[" + B64.B64T_STRING + "]{2,}$";
+    private static final Pattern CRYPT_SALT_PATTERN = Pattern.compile(CRYPT_SALT_REGEX);
+
     private static final int[] CON_SALT = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
             0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 5, 6,
             7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33,
@@ -250,7 +254,7 @@ public static String crypt(final byte[] original, String salt) {
             final int numSaltChars = SALT_CHARS.length;
             salt = "" + SALT_CHARS[randomGenerator.nextInt(numSaltChars)] +
                     SALT_CHARS[randomGenerator.nextInt(numSaltChars)];
-        } else if (!salt.matches("^[" + B64.B64T_STRING + "]{2,}$")) {
+        } else if (!CRYPT_SALT_PATTERN.matcher(salt).matches()) {
             throw new IllegalArgumentException("Invalid salt value: " + salt);
         }