This repository was archived by the owner on Jan 27, 2025. It is now read-only.

Fix Denial of Service (DoS) vulnerability in ShaderGenerator.java #130

@apurba-das

Description

Describe the Software Vulnerability
We noticed a vulnerability in the ShaderGenerator.java class, specifically in the appendNodeDeclarationAndMain method of the shader processing code, due to the use of a regular expression with inefficient backtracking.
File Location: jme3-core/src/main/java/com/jme3/shader/ShaderGenerator.java

Type of Vulnerability
This vulnerability, detected by SonarQube, allows for ReDoS (Regular Expression Denial of Service) attacks, which can cause the application to become slow or unresponsive by exploiting inefficiencies in the regular expression matching process. When the \s* quantifier is used in multiple places, it can lead to exponential backtracking, especially with complex or large inputs, resulting in high CPU usage.

Expected outcome
The vulnerability will be mitigated by optimizing the regular expression used in the appendNodeDeclarationAndMain method. Specifically, the regular expression will be adjusted to reduce unnecessary backtracking and ensure that it matches the intended input efficiently.

Code before refactoring
[image: screenshot of the original regular expression, not reproduced]

Code after refactoring
[image: screenshot of the rewritten regular expression, not reproduced]
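The backtracking described in the report, as an added example that is not jME's code (the actual ShaderGenerator regex appears only in the screenshots above): a constructed pattern with `\s*` on both sides of a repeated group, a rewrite of the same accepted language that leaves each run of whitespace exactly one place to go, and a Java possessive-quantifier variant. The class and pattern names are chosen here, and the "a a a ... !" inputs are constructed.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ShaderRegexRedosDemo {
    // Constructed pattern (not the jME regex): whitespace-separated identifiers
    // ending in ';'. A space between two words can be consumed by the trailing
    // \s* of one repetition or the leading \s* of the next, so a failing match
    // retries every split: about 2^(words) attempts before giving up.
    static final Pattern AMBIGUOUS = Pattern.compile("(\\s*\\w+\\s*)*;");

    // Same accepted language, but every run of whitespace has exactly one place
    // to go: the leading \s*, the \s+ separator, or the trailing \s*.
    static final Pattern UNAMBIGUOUS = Pattern.compile("(\\s*\\w+(\\s+\\w+)*\\s*)?;");

    // Java-specific alternative: possessive quantifiers (*+, ++) never give back
    // what they consumed, so the engine cannot backtrack into the group at all.
    static final Pattern POSSESSIVE = Pattern.compile("(\\s*+\\w++\\s*+)*+;");

    /** Builds "a a a ... a " followed by ';' (accepted) or '!' (rejected). */
    static String words(int n, char terminator) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) sb.append("a ");
        return sb.append(terminator).toString();
    }

    static long millisToMatch(Pattern p, String input) {
        long start = System.nanoTime();
        p.matcher(input).matches();
        return (System.nanoTime() - start) / 1_000_000L;
    }

    public static void main(String[] args) {
        // The rewrite must not change which inputs are accepted.
        for (String s : List.of(";", "a;", " a  b ;", "a b", " ;", "a\tb\n;")) {
            boolean a = AMBIGUOUS.matcher(s).matches();
            if (a != UNAMBIGUOUS.matcher(s).matches() || a != POSSESSIVE.matcher(s).matches()) {
                throw new AssertionError("patterns disagree on: " + s);
            }
        }
        // A rejected input forces the ambiguous pattern through every split;
        // the time roughly doubles with each additional word.
        for (int n = 14; n <= 22; n += 2) {
            String rejected = words(n, '!');
            System.out.printf("%2d words  ambiguous=%6d ms  unambiguous=%3d ms  possessive=%3d ms%n",
                    n, millisToMatch(AMBIGUOUS, rejected),
                    millisToMatch(UNAMBIGUOUS, rejected), millisToMatch(POSSESSIVE, rejected));
        }
    }
}
```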
