From fe118a555dc666e240480a0c56e94e2786b09c81 Mon Sep 17 00:00:00 2001
From: BahattinSalihAs <asbahattinsalih@gmail.com>
Date: Fri, 5 Sep 2025 16:46:13 +0300
Subject: [PATCH] fix: resolve SonarQube issues

---
 .../ays/auth/service/impl/AysPermissionServiceImpl.java   | 6 ++----
 src/main/java/org/ays/common/util/AysRandomUtil.java      | 4 ++--
 .../org/ays/common/util/validation/NameValidator.java     | 8 +++++++-
 src/test/java/org/ays/auth/model/AysUserBuilder.java      | 2 +-
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/ays/auth/service/impl/AysPermissionServiceImpl.java b/src/main/java/org/ays/auth/service/impl/AysPermissionServiceImpl.java
index 3370fffd7..dd95b2371 100644
--- a/src/main/java/org/ays/auth/service/impl/AysPermissionServiceImpl.java
+++ b/src/main/java/org/ays/auth/service/impl/AysPermissionServiceImpl.java
@@ -8,7 +8,6 @@
 import org.springframework.stereotype.Service;
 
 import java.util.List;
-import java.util.stream.Collectors;
 
 /**
  * Service implementation for managing permissions.
@@ -22,7 +21,6 @@ class AysPermissionServiceImpl implements AysPermissionService {
 
     private final AysIdentity identity;
 
-
     /**
      * Retrieves a filtered list of permissions based on the user's identity.
      * <p>
@@ -39,12 +37,12 @@ public List<AysPermission> findAll() {
         if (identity.isSuperAdmin()) {
             return permissionReadPort.findAll().stream()
                     .filter(permission -> !"landing:page".equals(permission.getName()))
-                    .collect(Collectors.toList());
+                    .toList();
         }
 
         return permissionReadPort.findAllByIsSuperFalse().stream()
                 .filter(permission -> !"landing:page".equals(permission.getName()))
-                .collect(Collectors.toList());
+                .toList();
     }
 
 }
diff --git a/src/main/java/org/ays/common/util/AysRandomUtil.java b/src/main/java/org/ays/common/util/AysRandomUtil.java
index a35dce314..5e0189ea4 100644
--- a/src/main/java/org/ays/common/util/AysRandomUtil.java
+++ b/src/main/java/org/ays/common/util/AysRandomUtil.java
@@ -60,7 +60,7 @@ public static String generateUUID() {
     /**
      * Utility method to generate a random alphabetic string of the specified length.
      * <p>
-     * This method uses the {@link RandomStringUtils#randomAlphabetic(int)} to generate a string
+     * This method uses the {@link RandomStringUtils#secure().nextAlphabetic(int)} to generate a string
      * containing random alphabetic characters (a-z, A-Z). The length of the generated string is
      * determined by the input parameter.
      * </p>
@@ -70,7 +70,7 @@ public static String generateUUID() {
      * @throws IllegalArgumentException if the specified length is negative
      */
     public static String generateText(int length) {
-        return RandomStringUtils.randomAlphabetic(length);
+        return RandomStringUtils.secure().nextAlphabetic(length);
     }
 
 }
diff --git a/src/main/java/org/ays/common/util/validation/NameValidator.java b/src/main/java/org/ays/common/util/validation/NameValidator.java
index 61dc209e8..0564f12b8 100644
--- a/src/main/java/org/ays/common/util/validation/NameValidator.java
+++ b/src/main/java/org/ays/common/util/validation/NameValidator.java
@@ -22,8 +22,14 @@ class NameValidator implements ConstraintValidator<Name, String> {
      * </ul>
      *  It also avoids strings that start with special characters
      * </p>
+     *
+     * Regex for validating names.
+     * Note: The "+" before the end anchor "$" is a possessive quantifier (*+).
+     * It behaves like "*" but disallows backtracking, which prevents
+     * catastrophic backtracking and improves performance.
+     * The accepted matches remain the same, only execution is safer and faster.
      */
-    private static final String NAME_REGEX = "^(?!.*[ ,.'-]{2})[a-zA-ZÇçĞğİıÖöŞşÜü]+(?:[ ,.'-](?![ ,.'-])[a-zA-ZÇçĞğİıÖöŞşÜü]+)*$";
+    private static final String NAME_REGEX = "^(?!.*[ ,.'-]{2})[a-zA-ZÇçĞğİıÖöŞşÜü]+(?:[ ,.'-](?![ ,.'-])[a-zA-ZÇçĞğİıÖöŞşÜü]+)*+$";
 
     /**
      * Checks whether the given value is a valid name or not.
diff --git a/src/test/java/org/ays/auth/model/AysUserBuilder.java b/src/test/java/org/ays/auth/model/AysUserBuilder.java
index b0dafd46e..e57b97a93 100644
--- a/src/test/java/org/ays/auth/model/AysUserBuilder.java
+++ b/src/test/java/org/ays/auth/model/AysUserBuilder.java
@@ -27,7 +27,7 @@ public AysUserBuilder withValidValues() {
         return this
                 .withId(AysRandomUtil.generateUUID())
                 .withInstitution(institution)
-                .withEmailAddress(RandomStringUtils.randomAlphabetic(8).concat("@afetyonetimsistemi.org"))
+                .withEmailAddress(RandomStringUtils.secure().nextAlphabetic(8).concat("@afetyonetimsistemi.org"))
                 .withPhoneNumber(new AysPhoneNumberBuilder().withValidValues().build())
                 .withStatus(AysUserStatus.ACTIVE)
                 .withPassword(null)