Fix possible regex matching stack overflow (#2150)

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>

core/src/main/java/feign/template/Expressions.java

@@ -22,6 +22,8 @@
 
 public final class Expressions {
 
+  private static final int MAX_EXPRESSION_LENGTH = 10000;
+
   private static final String PATH_STYLE_OPERATOR = ";";
   /**
    * Literals may be present and preceded the expression.
@@ -68,6 +70,12 @@ public static Expression create(final String value) {
       throw new IllegalArgumentException("an expression is required.");
     }
 
+    /* Check if the expression is too long */
+    if (expression.length() > MAX_EXPRESSION_LENGTH) {
+      throw new IllegalArgumentException(
+          "expression is too long. Max length: " + MAX_EXPRESSION_LENGTH);
+    }
+
     /* create a new regular expression matcher for the expression */
     String variableName = null;
     String variablePattern = null;

core/src/test/java/feign/template/ExpressionsTest.java

@@ -16,6 +16,7 @@
 import org.junit.jupiter.api.Test;
 import java.util.Collections;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatObject;
 
 public class ExpressionsTest {
 
@@ -27,6 +28,17 @@ public void simpleExpression() {
     assertThat(expanded).isEqualToIgnoringCase("foo=bar");
   }
 
+  @Test
+  public void malformedBodyTemplate() {
+    String bodyTemplate = "{" + "a".repeat(65536) + "}";
+
+    try {
+      BodyTemplate template = BodyTemplate.create(bodyTemplate);
+    } catch (Throwable e) {
+      assertThatObject(e).isNotInstanceOf(StackOverflowError.class);
+    }
+  }
+
   @Test
   public void androidCompatibility() {
     // To match close brace on Android, it must be escaped due to the simpler ICU regex engine