possible polynomial runtime due to backtracking

[elaneri]

Hi, I found this could be a issue

Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service.

[CLAassistant]

All committers have signed the CLA.

[ElijahPepe]

The general idea here is lost, because the time complexity is equivalent for both implementations. However, I will add that Java uses a lightweight implementation of .split() for single-character strings (that are not meta characters) that doesn't use RegEx, to my knowledge. In this case, trimming the string afterwards would be faster. LGTM.

[uwussimo]

Based on the potential issue described, the update to the code is a good improvement and should be approved.

Adding the trim() method call on the token ensures that any leading or trailing whitespaces in the input string are removed before converting the string to an enum value. This helps avoid any possible IllegalArgumentException that could have occurred if there were any leading or trailing whitespaces in the input string.

The update also doesn't change the overall behavior of the method and doesn't introduce any new issues or side effects. Therefore, it is recommended to approve the update to ensure the code is more robust and less prone to errors.

[ElijahPepe]

@uwussimo Not sure where you're getting some of that from, this is a function taking a string and splitting it by whitespace padded commas.

[elaneri]

Hi , @ElijahPepe, here you can find more information about this https://rules.sonarsource.com/java/RSPEC-5852
regards

[ElijahPepe]

This code is used in a specific, uncontrollable string that wouldn't be susceptible to a ReDoS. Not saying that the pull request isn't valid, but there's no security risk here.