diff --git a/services/src/main/java/org/keycloak/cookie/SecureContextResolver.java b/services/src/main/java/org/keycloak/cookie/SecureContextResolver.java
index f460995953..d9c67ed837 100644
--- a/services/src/main/java/org/keycloak/cookie/SecureContextResolver.java
+++ b/services/src/main/java/org/keycloak/cookie/SecureContextResolver.java
@@ -1,9 +1,12 @@
 package org.keycloak.cookie;
 import java.net.URI;
+import java.util.regex.Pattern;
 class SecureContextResolver {
+ private static final Pattern LOCALHOST_IPV4 = Pattern.compile("127.\\d{1,3}.\\d{1,3}.\\d{1,3}");
+
 /**
 * Determines if a URI is potentially trustworthy, meaning a user agent can generally trust it to deliver data securely.
 *
@@ -28,7 +31,7 @@ class SecureContextResolver {
 }
 // The host matches a CIDR notation of 127.0.0.0/8
- if (host.matches("127.\\d{1,3}.\\d{1,3}.\\d{1,3}")) {
+ if (LOCALHOST_IPV4.matcher(host).matches()) {
 return true;
 }
diff --git a/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java b/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
index d91dd3f6c2..8899c04f53 100644
--- a/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
+++ b/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
@@ -61,6 +61,7 @@ public class UPConfigUtils {
 public static final String ROLE_ADMIN = UserProfileConstants.ROLE_ADMIN;
 private static final Set PSEUDOROLES = new HashSet<>();
+ public static final Pattern ATTRIBUTE_NAME_PATTERN = Pattern.compile("[a-zA-Z0-9\\._\\-]+");
 static {
 PSEUDOROLES.add(ROLE_ADMIN);
@@ -239,7 +240,7 @@ public class UPConfigUtils {
 * @return
 */
 public static boolean isValidAttributeName(String attributeName) {
- return Pattern.matches("[a-zA-Z0-9\\._\\-]+", attributeName);
+ return ATTRIBUTE_NAME_PATTERN.matcher(attributeName).matches();
 }
 /**
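Review bot: The dots in the new `LOCALHOST_IPV4` constant in SecureContextResolver.java are unescaped, so each `.` matches any character and the pattern accepts host strings that are not dotted-quad addresses in 127.0.0.0/8; the second hunk only moves the same expression out of the `host.matches(...)` call. Because this check feeds the decision whether a URI is potentially trustworthy, I would tighten it while the line is being touched: `Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}")`. `\\d{1,3}` also admits octets above 255, which deserves at least a comment next to the constant. The method that uses the constant starts and ends outside both hunks, so how `host` is normalised before the match is not visible here.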
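Review bot: `ATTRIBUTE_NAME_PATTERN` in UPConfigUtils.java is declared `public`, but the only use visible in this diff is `isValidAttributeName` in the same class; unless other classes need the raw pattern, `private static final Pattern ATTRIBUTE_NAME_PATTERN = Pattern.compile("[a-zA-Z0-9\\._\\-]+");` keeps the allowlist behind the validator. A one-line comment such as `// Allowed characters for attribute names: letters, digits, '.', '_' and '-'` would document the rule where it is defined. The class body continues outside the hunk, so other callers may exist that I cannot see.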
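Review bot: `isValidAttributeName` passes `attributeName` to `matcher(...)` without a null check, so a null name raises NullPointerException (as the replaced `Pattern.matches` call also did) instead of being reported as invalid. If callers can hand in a missing name from parsed configuration, which is not visible in this hunk, `return attributeName != null && ATTRIBUTE_NAME_PATTERN.matcher(attributeName).matches();` makes the validator total. The Javadoc above it has an empty `@return`; `@return true if the name is non-empty and consists only of letters, digits, '.', '_' and '-'` would fill it. The Javadoc block starts outside the hunk.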