List of usage examples for org.apache.lucene.util.automaton Operations isTotal
public static boolean isTotal(Automaton a)
From source file:org.elasticsearch.index.reindex.TransportReindexAction.java
License:Apache License
/** * Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote whitelist and make sure that it doesn't whitelist * the world.// www. j av a 2 s. c o m */ static CharacterRunAutomaton buildRemoteWhitelist(List<String> whitelist) { if (whitelist.isEmpty()) { return new CharacterRunAutomaton(Automata.makeEmpty()); } Automaton automaton = Regex.simpleMatchToAutomaton(whitelist.toArray(Strings.EMPTY_ARRAY)); automaton = MinimizationOperations.minimize(automaton, Operations.DEFAULT_MAX_DETERMINIZED_STATES); if (Operations.isTotal(automaton)) { throw new IllegalArgumentException("Refusing to start because whitelist " + whitelist + " accepts all addresses. " + "This would allow users to reindex-from-remote any URL they like effectively having Elasticsearch make HTTP GETs " + "for them."); } return new CharacterRunAutomaton(automaton); }
From source file:org.elasticsearch.xpack.core.security.authz.permission.FieldPermissions.java
License:Open Source License
/** Constructor that enables field-level security based on include/exclude rules. Exclude rules * have precedence over include rules. */ FieldPermissions(FieldPermissionsDefinition fieldPermissionsDefinition, Automaton permittedFieldsAutomaton) { if (permittedFieldsAutomaton.isDeterministic() == false && permittedFieldsAutomaton.getNumStates() > 1) { // we only accept deterministic automata so that the CharacterRunAutomaton constructor // directly wraps the provided automaton throw new IllegalArgumentException("Only accepts deterministic automata"); }// ww w.j a v a 2 s.com this.fieldPermissionsDefinition = fieldPermissionsDefinition; this.originalAutomaton = permittedFieldsAutomaton; this.permittedFieldsAutomaton = new CharacterRunAutomaton(permittedFieldsAutomaton); // we cache the result of isTotal since this might be a costly operation this.permittedFieldsAutomatonIsTotal = Operations.isTotal(permittedFieldsAutomaton); long ramBytesUsed = BASE_FIELD_PERM_DEF_BYTES; for (FieldGrantExcludeGroup group : fieldPermissionsDefinition.getFieldGrantExcludeGroups()) { ramBytesUsed += BASE_FIELD_GROUP_BYTES + BASE_HASHSET_ENTRY_SIZE; if (group.getGrantedFields() != null) { ramBytesUsed += RamUsageEstimator.shallowSizeOf(group.getGrantedFields()); } if (group.getExcludedFields() != null) { ramBytesUsed += RamUsageEstimator.shallowSizeOf(group.getExcludedFields()); } } ramBytesUsed += permittedFieldsAutomaton.ramBytesUsed(); ramBytesUsed += runAutomatonRamBytesUsed(permittedFieldsAutomaton); this.ramBytesUsed = ramBytesUsed; }
From source file:org.elasticsearch.xpack.core.security.support.AutomatonsTests.java
License:Open Source License
public void testPatternComplexity() { List<String> patterns = Arrays.asList("*", "filebeat*de-tst-chatclassification*", "metricbeat*de-tst-chatclassification*", "packetbeat*de-tst-chatclassification*", "heartbeat*de-tst-chatclassification*", "filebeat*documentationdev*", "metricbeat*documentationdev*", "packetbeat*documentationdev*", "heartbeat*documentationdev*", "filebeat*devsupport-website*", "metricbeat*devsupport-website*", "packetbeat*devsupport-website*", "heartbeat*devsupport-website*", ".kibana-tcloud", ".reporting-tcloud", "filebeat-app-ingress-*", "filebeat-app-tcloud-*", "filebeat*documentationprod*", "metricbeat*documentationprod*", "packetbeat*documentationprod*", "heartbeat*documentationprod*", "filebeat*bender-minio-test-1*", "metricbeat*bender-minio-test-1*", "packetbeat*bender-minio-test-1*", "heartbeat*bender-minio-test-1*"); final Automaton automaton = Automatons.patterns(patterns); assertTrue(Operations.isTotal(automaton)); assertTrue(automaton.isDeterministic()); }