Medium severityNVD Advisory· Published Jun 20, 2025· Updated Apr 15, 2026
CVE-2025-48058
CVE-2025-48058
Description
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking — even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.powsybl:powsybl-commonsMaven | < 6.7.2 | 6.7.2 |
Patches
272f79dec6d42Fix potential polynomial Regular Expression Denial of Service in the DataSource mechanism (GHSA-rqpx-f6rc-7hm5)
40 files changed · +199 −51
ampl-converter/src/main/java/com/powsybl/ampl/converter/AmplNetworkReader.java+2 −2 modified@@ -8,6 +8,8 @@ package com.powsybl.ampl.converter; import com.powsybl.commons.datasource.ReadOnlyDataSource; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.commons.util.StringToIntMapper; import com.powsybl.iidm.network.*; import org.slf4j.Logger; @@ -21,8 +23,6 @@ import java.util.Map; import java.util.Objects; import java.util.function.Function; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import java.util.stream.Collectors; import static com.powsybl.ampl.converter.AmplConstants.DEFAULT_VARIANT_INDEX;
cgmes/cgmes-conversion/src/main/java/com/powsybl/cgmes/conversion/export/CgmesExportUtil.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.cgmes.conversion.export; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conversion.CgmesReports; import com.powsybl.cgmes.conversion.Conversion; import com.powsybl.cgmes.conversion.export.elements.RegulatingControlEq; @@ -34,7 +35,6 @@ import java.time.ZonedDateTime; import java.time.format.DateTimeFormatter; import java.util.*; -import java.util.regex.Pattern; import static com.powsybl.cgmes.conversion.naming.CgmesObjectReference.ref; import static com.powsybl.cgmes.conversion.naming.CgmesObjectReference.refTyped;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/ConversionUtil.java+11 −3 modified@@ -7,6 +7,8 @@ */ package com.powsybl.cgmes.conversion.test; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.conversion.CgmesImportPostProcessor; import com.powsybl.cgmes.conversion.Conversion; @@ -29,8 +31,6 @@ import java.nio.file.Files; import java.nio.file.Path; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>} @@ -135,6 +135,14 @@ public static long getElementCount(String xmlFile, String className) { String regex = "(<cim:" + className + " (rdf:ID=\"_|rdf:about=\"#_).*?\")>"; Pattern pattern = Pattern.compile(regex); Matcher matcher = pattern.matcher(xmlFile); - return matcher.results().count(); + return matcherCount(matcher); + } + + public static int matcherCount(Matcher matcher) { + int count = 0; + while (matcher.find()) { + count++; + } + return count; } }
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CgmesExportTest.java+3 −3 modified@@ -9,6 +9,8 @@ import com.google.common.jimfs.Configuration; import com.google.common.jimfs.Jimfs; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conformity.CgmesConformity1Catalog; import com.powsybl.cgmes.conformity.CgmesConformity1ModifiedCatalog; import com.powsybl.cgmes.conversion.CgmesExport; @@ -36,8 +38,6 @@ import java.nio.file.*; import java.util.List; import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static com.powsybl.cgmes.conversion.test.ConversionUtil.*; import static org.junit.jupiter.api.Assertions.*; @@ -414,7 +414,7 @@ void testModelEquipmentOperationProfile() throws IOException { String regex = "<md:Model.profile>http://entsoe.eu/CIM/EquipmentOperation/3/1</md:Model.profile>"; Pattern pattern = Pattern.compile(regex); Matcher matcher = pattern.matcher(eqFile); - assertEquals(1, matcher.results().count()); + assertEquals(1, matcherCount(matcher)); } }
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CommonGridModelExportTest.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.cgmes.conversion.test.export; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conformity.CgmesConformity1Catalog; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.extensions.CgmesMetadataModels; @@ -35,7 +36,6 @@ import java.nio.file.Path; import java.time.ZonedDateTime; import java.util.*; -import java.util.regex.Pattern; import static com.powsybl.cgmes.conversion.test.ConversionUtil.*; import static org.junit.jupiter.api.Assertions.assertEquals;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/EquipmentExportTest.java+2 −2 modified@@ -36,6 +36,8 @@ import com.powsybl.iidm.network.util.BranchData; import com.powsybl.iidm.network.util.TwtData; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import org.apache.commons.lang3.tuple.Pair; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -52,8 +54,6 @@ import java.nio.file.Path; import java.nio.file.FileSystem; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import com.google.common.jimfs.Configuration; import com.google.common.jimfs.Jimfs;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/issues/ConsiderValidMasterRIDWithLeadingUnderscoreTest.java+2 −2 modified@@ -7,6 +7,8 @@ */ package com.powsybl.cgmes.conversion.test.export.issues; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.conversion.export.CgmesExportUtil; import com.powsybl.commons.test.AbstractSerDeTest; @@ -16,8 +18,6 @@ import java.io.IOException; import java.nio.file.Files; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static org.junit.jupiter.api.Assertions.assertTrue;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/issues/ExportNumberMaxValueTest.java+2 −2 modified@@ -1,5 +1,7 @@ package com.powsybl.cgmes.conversion.test.export.issues; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.commons.test.AbstractSerDeTest; import com.powsybl.iidm.network.*; @@ -8,8 +10,6 @@ import java.io.IOException; import java.nio.file.Files; import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static org.junit.jupiter.api.Assertions.*;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/issues/ModelIdTest.java+2 −2 modified@@ -7,6 +7,8 @@ */ package com.powsybl.cgmes.conversion.test.export.issues; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.extensions.CgmesMetadataModelsAdder; import com.powsybl.cgmes.model.CgmesSubset; @@ -24,8 +26,6 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static org.junit.jupiter.api.Assertions.*;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/LegacyCommonGridModelExportTest.java+2 −2 modified@@ -7,6 +7,8 @@ */ package com.powsybl.cgmes.conversion.test.export; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conformity.CgmesConformity1ModifiedCatalog; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.extensions.CgmesMetadataModels; @@ -22,8 +24,6 @@ import java.io.IOException; import java.nio.file.Files; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static com.powsybl.cgmes.conversion.Conversion.CGMES_PREFIX_ALIAS_PROPERTIES; import static org.junit.jupiter.api.Assertions.*;
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/StateVariablesExportTest.java+4 −3 modified@@ -7,6 +7,8 @@ */ package com.powsybl.cgmes.conversion.test.export; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.conformity.*; import com.powsybl.cgmes.conversion.CgmesExport; import com.powsybl.cgmes.conversion.CgmesImport; @@ -43,11 +45,10 @@ import java.nio.file.Path; import java.util.*; import java.util.function.Consumer; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import java.util.stream.Collectors; import java.util.stream.Stream; +import static com.powsybl.cgmes.conversion.test.ConversionUtil.matcherCount; import static org.junit.jupiter.api.Assertions.*; /** @@ -696,7 +697,7 @@ void testWriteBoundaryTnInTopologicalIsland() throws XMLStreamException { ReferenceTerminals.addTerminal(terminal.get()); String sv = exportSvAsString(network, false); Pattern p = Pattern.compile("<cim:TopologicalIsland.TopologicalNodes rdf:resource="); - assertEquals(10, p.matcher(sv).results().count()); + assertEquals(10, matcherCount(p.matcher(sv))); // 10 is the number of topological nodes in the island associated to buses and to dangling lines assertEquals(5, network.getBusBreakerView().getBusStream().count()); assertEquals(5, network.getDanglingLineStream().count());
cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/OperationalLimitConversionTest.java+2 −1 modified@@ -15,9 +15,10 @@ import com.powsybl.iidm.network.*; import org.junit.jupiter.api.Test; +import com.google.re2j.Pattern; + import java.io.IOException; import java.util.*; -import java.util.regex.Pattern; import static com.powsybl.cgmes.conversion.test.ConversionUtil.*; import static org.junit.jupiter.api.Assertions.*;
cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/CgmesNamespace.java+1 −1 modified@@ -9,14 +9,14 @@ import com.google.common.collect.BiMap; import com.google.common.collect.HashBiMap; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.regex.Pattern; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>}
cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/triplestore/CgmesModelTripleStore.java+2 −2 modified@@ -8,6 +8,8 @@ package com.powsybl.cgmes.model.triplestore; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.cgmes.model.*; import com.powsybl.commons.datasource.DataSource; import com.powsybl.commons.report.ReportNode; @@ -31,8 +33,6 @@ import java.util.Objects; import java.util.Set; import java.util.function.Consumer; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static com.powsybl.cgmes.model.CgmesNamespace.CGMES_EQ_3_OR_GREATER_PREFIX; import static com.powsybl.cgmes.model.CgmesNamespace.CIM_100_EQ_PROFILE;
commons/pom.xml+9 −0 modified@@ -56,6 +56,10 @@ <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> </dependency> + <dependency> + <groupId>com.google.re2j</groupId> + <artifactId>re2j</artifactId> + </dependency> <dependency> <groupId>com.univocity</groupId> <artifactId>univocity-parsers</artifactId> @@ -123,6 +127,11 @@ <artifactId>jimfs</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.awaitility</groupId> + <artifactId>awaitility</artifactId> + <scope>test</scope> + </dependency> <dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter</artifactId>
commons/src/main/java/com/powsybl/commons/datasource/DirectoryDataSource.java+2 −1 modified@@ -7,14 +7,15 @@ */ package com.powsybl.commons.datasource; +import com.google.re2j.Pattern; + import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; import java.util.stream.Collectors; import java.util.stream.Stream;
commons/src/main/java/com/powsybl/commons/datasource/ReadOnlyMemDataSource.java+1 −1 modified@@ -8,6 +8,7 @@ package com.powsybl.commons.datasource; import com.google.common.io.ByteStreams; +import com.google.re2j.Pattern; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -17,7 +18,6 @@ import java.util.Map; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; import java.util.stream.Collectors; /**
commons/src/main/java/com/powsybl/commons/datasource/ResourceDataSource.java+2 −1 modified@@ -7,12 +7,13 @@ */ package com.powsybl.commons.datasource; +import com.google.re2j.Pattern; + import java.io.InputStream; import java.util.Arrays; import java.util.List; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; import java.util.stream.Collectors; /**
commons/src/main/java/com/powsybl/commons/datasource/TarArchiveDataSource.java+1 −1 modified@@ -8,6 +8,7 @@ package com.powsybl.commons.datasource; import com.google.common.io.ByteStreams; +import com.google.re2j.Pattern; import com.powsybl.commons.io.ForwardingInputStream; import com.powsybl.commons.io.ForwardingOutputStream; import org.apache.commons.compress.archivers.ArchiveEntry; @@ -31,7 +32,6 @@ import java.util.HashSet; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; /** * @author Nicolas Rol {@literal <nicolas.rol at rte-france.com>}
commons/src/main/java/com/powsybl/commons/datasource/ZipArchiveDataSource.java+1 −1 modified@@ -8,6 +8,7 @@ package com.powsybl.commons.datasource; import com.google.common.io.ByteStreams; +import com.google.re2j.Pattern; import com.powsybl.commons.io.ForwardingInputStream; import com.powsybl.commons.io.ForwardingOutputStream; import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; @@ -23,7 +24,6 @@ import java.util.HashSet; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; import java.util.zip.ZipEntry; import java.util.zip.ZipOutputStream;
commons/src/test/java/com/powsybl/commons/datasource/AbstractFileSystemDataSourceTest.java+7 −2 modified@@ -21,12 +21,17 @@ import java.util.Set; import java.util.stream.Collectors; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; /** * @author Nicolas Rol {@literal <nicolas.rol at rte-france.com>} */ -abstract class AbstractFileSystemDataSourceTest { +abstract class AbstractFileSystemDataSourceTest extends AbstractReadOnlyDataSourceTest { protected FileSystem fileSystem; protected Path testDir; protected Set<String> unlistedFiles;
commons/src/test/java/com/powsybl/commons/datasource/AbstractReadOnlyDataSourceTest.java+49 −0 added@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2025, RTE (http://www.rte-france.com) + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * SPDX-License-Identifier: MPL-2.0 + */ + +package com.powsybl.commons.datasource; + +import org.junit.jupiter.api.Test; + +import java.io.IOException; +import java.util.concurrent.Executor; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicBoolean; + +import static org.awaitility.Awaitility.await; + +/** + * @author Nicolas Rol {@literal <nicolas.rol at rte-france.com>} + */ +abstract class AbstractReadOnlyDataSourceTest { + + protected abstract ReadOnlyDataSource createDataSourceForPolynomialRegexTest() throws IOException; + + @Test + void polynomialRegexTest() throws IOException { + ReadOnlyDataSource dataSource = createDataSourceForPolynomialRegexTest(); + + AtomicBoolean finished = new AtomicBoolean(false); + Runnable runnable = () -> { + try { + dataSource.listNames("(.*a){1000}"); + } catch (IOException e) { + throw new RuntimeException(e); + } + finished.set(true); + }; + Executor executor = Executors.newSingleThreadExecutor(); + executor.execute(runnable); + + await("Quick processing") + .atMost(5, TimeUnit.SECONDS) + .pollInterval(200, TimeUnit.MILLISECONDS) + .untilTrue(finished); + } +}
commons/src/test/java/com/powsybl/commons/datasource/DirectoryDataSourceTest.java+7 −0 modified@@ -162,4 +162,11 @@ void testExceptionListNames() { // An exception is thrown because the directory does not exist assertThrows(IOException.class, () -> dataSource.listNames(".*")); } + + @Override + protected DirectoryDataSource createDataSourceForPolynomialRegexTest() throws IOException { + String filename = "a".repeat(100) + "!"; + Files.createFile(testDir.resolve(filename)); + return new DirectoryDataSource(testDir, ""); + } }
commons/src/test/java/com/powsybl/commons/datasource/ReadOnlyMemDataSourceTest.java+23 −0 added@@ -0,0 +1,23 @@ +/* + * Copyright (c) 2025, RTE (http://www.rte-france.com) + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * SPDX-License-Identifier: MPL-2.0 + */ + +package com.powsybl.commons.datasource; + +/** + * @author Nicolas Rol {@literal <nicolas.rol at rte-france.com>} + */ +class ReadOnlyMemDataSourceTest extends AbstractReadOnlyDataSourceTest { + + @Override + protected ReadOnlyMemDataSource createDataSourceForPolynomialRegexTest() { + ReadOnlyMemDataSource dataSource = new ReadOnlyMemDataSource(); + String filename = "a".repeat(100) + "!"; + dataSource.putData(filename, new byte[1]); + return dataSource; + } +}
commons/src/test/java/com/powsybl/commons/datasource/ResourcesDataSourceTest.java+13 −2 modified@@ -12,12 +12,16 @@ import java.util.Collections; import java.util.List; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>} */ -class ResourcesDataSourceTest { +class ResourcesDataSourceTest extends AbstractReadOnlyDataSourceTest { @Test void testExists() { @@ -56,4 +60,11 @@ void test() { assertNotNull(dataSource.newInputStream(null, "txt")); assertEquals(Collections.singleton("foo.txt"), dataSource.listNames(".*")); } + + @Override + protected ResourceDataSource createDataSourceForPolynomialRegexTest() { + String filename = "a".repeat(100) + "b"; + ResourceSet resourceSet = new ResourceSet("/test/", filename); + return new ResourceDataSource("test", List.of(resourceSet)); + } }
commons/src/test/java/com/powsybl/commons/datasource/TarArchiveDataSourceTest.java+9 −0 modified@@ -219,4 +219,13 @@ private OutputStream getCompressedOutputStream(OutputStream os, CompressionForma }; } + @Override + protected TarArchiveDataSource createDataSourceForPolynomialRegexTest() throws IOException { + String filename = "a".repeat(100) + "!"; + TarArchiveDataSource tarSource = new TarArchiveDataSource(testDir, "test"); + try (OutputStream os = tarSource.newOutputStream(filename, false)) { + os.write(new byte[1]); + } + return tarSource; + } }
commons/src/test/java/com/powsybl/commons/datasource/ZipArchiveDataSourceTest.java+9 −0 modified@@ -13,6 +13,7 @@ import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.nio.file.Files; import java.util.Set; import java.util.stream.Stream; @@ -174,4 +175,12 @@ void createZipDataSourceWithMoreThanOneDot() throws IOException { } } + @Override + protected ZipArchiveDataSource createDataSourceForPolynomialRegexTest() throws IOException { + ZipArchiveDataSource zipSource = new ZipArchiveDataSource(testDir, "test"); + try (OutputStream os = zipSource.newOutputStream("a".repeat(100) + "!", false)) { + os.write(new byte[1]); + } + return zipSource; + } }
commons/src/test/resources/test/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab+1 −0 added@@ -0,0 +1 @@ +// File with a name containing multiple times the same character, in order to trigger potential regex issues \ No newline at end of file
computation/src/main/java/com/powsybl/computation/Partition.java+1 −1 modified@@ -7,10 +7,10 @@ */ package com.powsybl.computation; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import java.util.Objects; -import java.util.regex.Pattern; /** * @author Yichen Tang {@literal <yichen.tang at rte-france.com>}
entsoe-util/src/main/java/com/powsybl/entsoe/util/EntsoeFileName.java+3 −2 modified@@ -7,10 +7,11 @@ */ package com.powsybl.entsoe.util; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; + import java.time.ZoneId; import java.time.ZonedDateTime; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** *
iidm/iidm-tck/src/test/java/com/powsybl/iidm/network/tck/AbstractGroundTest.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.iidm.network.tck; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import com.powsybl.iidm.network.*; import com.powsybl.iidm.network.extensions.BusbarSectionPositionAdder; @@ -17,7 +18,6 @@ import java.util.Collection; import java.util.Collections; import java.util.List; -import java.util.regex.Pattern; import static org.junit.jupiter.api.Assertions.*;
iidm/iidm-tck/src/test/java/com/powsybl/iidm/network/tck/AbstractNodeBreakerTest.java+1 −2 modified@@ -7,6 +7,7 @@ */ package com.powsybl.iidm.network.tck; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import com.powsybl.iidm.network.*; import com.powsybl.iidm.network.extensions.BusbarSectionPositionAdder; @@ -15,8 +16,6 @@ import com.powsybl.iidm.network.util.SwitchPredicates; import org.junit.jupiter.api.Test; -import java.util.regex.Pattern; - import static org.junit.jupiter.api.Assertions.*; /**
pom.xml+13 −0 modified@@ -99,6 +99,7 @@ <assertj.version>3.27.3</assertj.version> <autoservice.version>1.1.1</autoservice.version> + <awaitility.version>4.3.0</awaitility.version> <commonscli.version>1.9.0</commonscli.version> <commonscompress.version>1.27.1</commonscompress.version> <commons-configuration2.version>2.12.0</commons-configuration2.version> @@ -131,6 +132,7 @@ <nativelibloader.version>2.5.0</nativelibloader.version> <poi.version>5.4.1</poi.version> <rdf4j.version>5.1.3</rdf4j.version> + <re2j.version>1.8</re2j.version> <sirocco.version>1.0</sirocco.version> <slf4j.version>2.0.17</slf4j.version> <snakeyaml.version>2.4</snakeyaml.version> @@ -702,6 +704,11 @@ <artifactId>jimfs</artifactId> <version>${jimfs.version}</version> </dependency> + <dependency> + <groupId>com.google.re2j</groupId> + <artifactId>re2j</artifactId> + <version>${re2j.version}</version> + </dependency> <dependency> <groupId>${project.groupId}</groupId> <artifactId>powsybl-math-native</artifactId> @@ -921,6 +928,12 @@ <version>${guava.version}</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.awaitility</groupId> + <artifactId>awaitility</artifactId> + <version>${awaitility.version}</version> + <scope>test</scope> + </dependency> <dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter</artifactId>
powerfactory/powerfactory-db/src/main/java/com/powsybl/powerfactory/db/PowerFactoryAppUtil.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.powerfactory.db; +import com.google.re2j.Pattern; import com.powsybl.commons.config.PlatformConfig; import com.powsybl.powerfactory.model.PowerFactoryException; @@ -17,7 +18,6 @@ import java.util.Comparator; import java.util.Objects; import java.util.Optional; -import java.util.regex.Pattern; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>}
powerfactory/powerfactory-dgs/src/main/java/com/powsybl/powerfactory/dgs/DgsParser.java+2 −2 modified@@ -7,6 +7,8 @@ */ package com.powsybl.powerfactory.dgs; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import com.powsybl.powerfactory.model.DataAttributeType; import com.powsybl.powerfactory.model.PowerFactoryException; @@ -26,8 +28,6 @@ import java.util.Optional; import java.util.function.BiConsumer; import java.util.function.Function; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>}
psse/psse-model/src/main/java/com/powsybl/psse/model/io/FileFormat.java+1 −1 modified@@ -7,7 +7,7 @@ */ package com.powsybl.psse.model.io; -import java.util.regex.Pattern; +import com.google.re2j.Pattern; /** * @author Luma Zamarreño {@literal <zamarrenolm at aia.es>}
psse/psse-model/src/main/java/com/powsybl/psse/model/io/LegacyTextReader.java+2 −2 modified@@ -7,6 +7,8 @@ */ package com.powsybl.psse.model.io; +import com.google.re2j.Matcher; +import com.google.re2j.Pattern; import com.powsybl.psse.model.PsseException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -16,8 +18,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Scanner; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static com.powsybl.psse.model.io.FileFormat.LEGACY_TEXT;
time-series/time-series-api/src/test/java/com/powsybl/timeseries/TimeSeriesTest.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.timeseries; +import com.google.re2j.Pattern; import com.powsybl.commons.report.PowsyblCoreReportResourceBundle; import com.powsybl.commons.report.ReportNode; import com.powsybl.commons.test.PowsyblCoreTestReportResourceBundle; @@ -31,7 +32,6 @@ import java.util.List; import java.util.Map; import java.util.Objects; -import java.util.regex.Pattern; import java.util.stream.Stream; import static com.powsybl.timeseries.TimeSeries.writeInstantToString;
tools-test/src/main/java/com/powsybl/tools/test/AbstractToolTest.java+1 −1 modified@@ -9,6 +9,7 @@ import com.google.common.jimfs.Configuration; import com.google.common.jimfs.Jimfs; +import com.google.re2j.Pattern; import com.powsybl.commons.config.InMemoryPlatformConfig; import com.powsybl.commons.test.ComparisonUtils; import com.powsybl.computation.ComputationManager; @@ -33,7 +34,6 @@ import java.nio.file.Files; import java.util.Objects; import java.util.function.BiConsumer; -import java.util.regex.Pattern; import static org.junit.jupiter.api.Assertions.*;
tools-test/src/test/java/com/powsybl/tools/test/CommandLineToolsTest.java+1 −1 modified@@ -7,6 +7,7 @@ */ package com.powsybl.tools.test; +import com.google.re2j.Pattern; import com.powsybl.commons.PowsyblException; import com.powsybl.tools.Command; import com.powsybl.tools.CommandLineTools; @@ -19,7 +20,6 @@ import java.util.Arrays; import java.util.UUID; -import java.util.regex.Pattern; /** * @author Geoffroy Jamgotchian {@literal <geoffroy.jamgotchian at rte-france.com>}
4fa8b7d8b713Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-rqpx-f6rc-7hm5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-48058ghsaADVISORY
- github.com/powsybl/powsybl-core/commit/72f79dec6d4292f892fbddd68a19c67935c7d81fnvdWEB
- github.com/powsybl/powsybl-core/releases/tag/v6.7.2nvdWEB
- github.com/powsybl/powsybl-core/security/advisories/GHSA-rqpx-f6rc-7hm5nvdWEB
News mentions
0No linked articles in our index yet.