From 18403cddea3151475069c5db03b4edf9c760f544 Mon Sep 17 00:00:00 2001
From: Sam Brannen <sam@sambrannen.com>
Date: Tue, 11 Apr 2023 23:08:53 +0200
Subject: [PATCH] Change max regex length in SpEL expressions to 1000

This commit changes the max regex length in SpEL expressions from 1024
to 1000 in order to consistently use "round" numbers for recently
introduced limits.

See gh-30265
---
 .../expression/spel/ast/OperatorMatches.java   |  2 +-
 .../expression/spel/EvaluationTests.java       | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/spring-expression/src/main/java/org/springframework/expression/spel/ast/OperatorMatches.java b/spring-expression/src/main/java/org/springframework/expression/spel/ast/OperatorMatches.java
index 0863716c182d..de277c68eaf6 100644
--- a/spring-expression/src/main/java/org/springframework/expression/spel/ast/OperatorMatches.java
+++ b/spring-expression/src/main/java/org/springframework/expression/spel/ast/OperatorMatches.java
@@ -47,7 +47,7 @@ public class OperatorMatches extends Operator {
 	 * Maximum number of characters permitted in a regular expression.
 	 * @since 5.2.23
 	 */
-	private static final int MAX_REGEX_LENGTH = 256;
+	private static final int MAX_REGEX_LENGTH = 1000;
 
 	private final ConcurrentMap<String, Pattern> patternCache;
 
diff --git a/spring-expression/src/test/java/org/springframework/expression/spel/EvaluationTests.java b/spring-expression/src/test/java/org/springframework/expression/spel/EvaluationTests.java
index 6b5f02a05b69..75d2a25f551f 100644
--- a/spring-expression/src/test/java/org/springframework/expression/spel/EvaluationTests.java
+++ b/spring-expression/src/test/java/org/springframework/expression/spel/EvaluationTests.java
@@ -201,18 +201,24 @@ void matchesWithPatternAccessThreshold() {
 
 	@Test
 	void matchesWithPatternLengthThreshold() {
-		String pattern = "(0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789" +
-				"0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789" +
-				"01234567890123456789012345678901234567890123456789|abc)";
-		assertThat(pattern).hasSize(256);
-		Expression expr = parser.parseExpression("'abc' matches '" + pattern + "'");
+		String pattern = String.format("^(%s|X)", repeat("12345", 199));
+		assertThat(pattern).hasSize(1000);
+		Expression expr = parser.parseExpression("'X' matches '" + pattern + "'");
 		assertThat(expr.getValue(context, Boolean.class)).isTrue();
 
 		pattern += "?";
-		assertThat(pattern).hasSize(257);
+		assertThat(pattern).hasSize(1001);
 		evaluateAndCheckError("'abc' matches '" + pattern + "'", Boolean.class, SpelMessage.MAX_REGEX_LENGTH_EXCEEDED);
 	}
 
+	private String repeat(String str, int count) {
+		String result = "";
+		for (int i = 0; i < count; i++) {
+			result += str;
+		}
+		return result;
+	}
+
 	// mixing operators
 	@Test
 	public void testMixingOperators01() {