afet-yonetim-sistemi · BahattinSalihAs · Sep 9, 2025 · Sep 5, 2025
@@ -8,7 +8,6 @@
 import org.springframework.stereotype.Service;
 
 import java.util.List;
-import java.util.stream.Collectors;
 
 /**
  * Service implementation for managing permissions.
@@ -22,7 +21,6 @@ class AysPermissionServiceImpl implements AysPermissionService {
 
     private final AysIdentity identity;
 
-
     /**
      * Retrieves a filtered list of permissions based on the user's identity.
      * <p>
@@ -39,12 +37,12 @@ public List<AysPermission> findAll() {
         if (identity.isSuperAdmin()) {
             return permissionReadPort.findAll().stream()
                     .filter(permission -> !"landing:page".equals(permission.getName()))
-                    .collect(Collectors.toList());
+                    .toList();
         }
 
         return permissionReadPort.findAllByIsSuperFalse().stream()
                 .filter(permission -> !"landing:page".equals(permission.getName()))
-                .collect(Collectors.toList());
+                .toList();
     }
 
 }
@@ -60,7 +60,7 @@ public static String generateUUID() {
     /**
      * Utility method to generate a random alphabetic string of the specified length.
      * <p>
-     * This method uses the {@link RandomStringUtils#randomAlphabetic(int)} to generate a string
+     * This method uses the {@link RandomStringUtils#secure().nextAlphabetic(int)} to generate a string
      * containing random alphabetic characters (a-z, A-Z). The length of the generated string is
      * determined by the input parameter.
      * </p>
@@ -70,7 +70,7 @@ public static String generateUUID() {
      * @throws IllegalArgumentException if the specified length is negative
      */
     public static String generateText(int length) {
-        return RandomStringUtils.randomAlphabetic(length);
+        return RandomStringUtils.secure().nextAlphabetic(length);
     }
 
 }
@@ -22,8 +22,14 @@ class NameValidator implements ConstraintValidator<Name, String> {
      * </ul>
      *  It also avoids strings that start with special characters
      * </p>
+     *
+     * Regex for validating names.
+     * Note: The "+" before the end anchor "$" is a possessive quantifier (*+).
+     * It behaves like "*" but disallows backtracking, which prevents
+     * catastrophic backtracking and improves performance.
+     * The accepted matches remain the same, only execution is safer and faster.
      */
-    private static final String NAME_REGEX = "^(?!.*[ ,.'-]{2})[a-zA-ZÇçĞğİıÖöŞşÜü]+(?:[ ,.'-](?![ ,.'-])[a-zA-ZÇçĞğİıÖöŞşÜü]+)*$";
+    private static final String NAME_REGEX = "^(?!.*[ ,.'-]{2})[a-zA-ZÇçĞğİıÖöŞşÜü]+(?:[ ,.'-](?![ ,.'-])[a-zA-ZÇçĞğİıÖöŞşÜü]+)*+$";
 
     /**
      * Checks whether the given value is a valid name or not.

@@ -27,7 +27,7 @@ public AysUserBuilder withValidValues() {
         return this
                 .withId(AysRandomUtil.generateUUID())
                 .withInstitution(institution)
-                .withEmailAddress(RandomStringUtils.randomAlphabetic(8).concat("@afetyonetimsistemi.org"))
+                .withEmailAddress(RandomStringUtils.secure().nextAlphabetic(8).concat("@afetyonetimsistemi.org"))
                 .withPhoneNumber(new AysPhoneNumberBuilder().withValidValues().build())
                 .withStatus(AysUserStatus.ACTIVE)
                 .withPassword(null)