strimzi / metrics-reporter

Prometheus Metrics Reporter for Apache Kafka server and client components
Apache License 2.0

Unsafe joining of regexs #17

Closed k-wall closed 1 month ago

k-wall commented 6 months ago

The intent is that the regular expressions are joined with a logical OR.

https://github.com/strimzi/metrics-reporter/blob/46db47fbe14950fe475ee4b59cc6519da69a0d60/src/main/java/io/strimzi/kafka/metrics/PrometheusMetricsReporterConfig.java#L59

However, the approach is weak. The results of the match could be wrong, or regular expression parsing errors might be misleading.

For instance, input like `hell[o,s]world` would lead to a valid regex `hell[o|s]world`, but with the pipe being interpreted literally rather than as a logical OR (which would match the literal `hell|world`). The correct behaviour would be to be told that `hell[o` is not a valid regex.

Another example would be `hello\\,world`, which would lead to an escaped pipe.

k-wall commented 6 months ago

It is probably best to compile the expressions individually, and test the input against each pattern individually. Or, assemble a regex after you've validated that each part is a syntactically valid regex, in some safe manner that respects RE precedence rules, something like `(pat1)|(pat2)...`. We'd need tests to ensure that anchors work properly.
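The two behaviours discussed above side by side, as an added example that is not the project's code: `naiveJoin` is a stand-in for the comma-to-pipe substitution the issue describes, `compileEach` and `matchesAny` follow the per-pattern suggestion, and the class and method names are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added illustration, not the project's code: the comma-split-and-join approach
// described in the issue beside the per-pattern compilation suggested in it.
public class RegexJoinDemo {
    // Naive join: "a,b" becomes the single regex "a|b". Whatever the substitution
    // produces still compiles, so malformed parts are silently accepted.
    static Pattern naiveJoin(String allowList) {
        return Pattern.compile(allowList.replace(",", "|"));
    }

    // Compile each part on its own: a syntax error in one part is reported as a
    // PatternSyntaxException for that part instead of being absorbed by the join.
    static List<Pattern> compileEach(String allowList) {
        List<Pattern> patterns = new ArrayList<>();
        for (String part : allowList.split(",")) {
            patterns.add(Pattern.compile(part));
        }
        return patterns;
    }

    // OR semantics without building a combined regex: allowed if any pattern
    // matches the whole name (matches() is anchored, so "^" and "$" are implied).
    static boolean matchesAny(List<Pattern> patterns, String name) {
        return patterns.stream().anyMatch(p -> p.matcher(name).matches());
    }

    public static void main(String[] args) {
        String input = "hell[o,s]world";  // constructed input taken from the issue
        // After the join this is hell[o|s]world: '|' is literal inside [...], so the
        // combined regex compiles and matches the literal name "hell|world".
        Pattern joined = naiveJoin(input);
        System.out.println(joined.pattern() + " matches hell|world: "
                + joined.matcher("hell|world").matches());
        // The same input is rejected when the parts are compiled individually.
        try {
            compileEach(input);
        } catch (PatternSyntaxException e) {
            System.out.println("rejected: " + e.getDescription());
        }
        // With a backslash before the comma, the join yields an escaped pipe
        // (a literal '|'), not an alternation.
        System.out.println(naiveJoin("hello\\,world").pattern());
        // Compiled individually, "hello\\," and "world" are both valid and "world" is allowed.
        System.out.println(matchesAny(compileEach("hello\\,world"), "world"));
    }
}
```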

mimaison commented 1 month ago

Fixed in https://github.com/strimzi/metrics-reporter/pull/32