giampaolo / psutil

Cross-platform lib for process and system monitoring in Python
BSD 3-Clause "New" or "Revised" License

AIX: Improve procfiles regexp speed #2457

Closed AlekseyLobanov closed 1 month ago

AlekseyLobanov commented 1 month ago

Improves speed from exponential on bad strings like "S_IFREG' + ' ' * 150" to polynomial.

Summary

Description

Current RegExp is vulnerable to ReDoS.

POC for regexps is below:

import re
import time

COUNT = 100

for re_text, name in [
    (r"(\d+): S_IFREG.*\s*.*name:(.*)\n", "current"),
    (r"(\d+): S_IFREG.*name:(.*)\n", "fixed"),
]:
    begin_at = time.time()
    for _ in range(COUNT):
        re.findall(re_text, "S_IFREG' + ' ' * 150")
    print(f"Total for {name:8} is {time.time() - begin_at:.6f}")

My output is below

Total for current  is 0.000119
Total for fixed    is 0.000031
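
As an added check that is not part of the original pull request, the harness below runs the two patterns from the PoC over constructed strings: it compares what each captures when `name:` sits on the `S_IFREG` line versus after a line break, and times both on growing padding placed after a prefix that matches `(\d+): S_IFREG`. The sample records and helper names are made up for illustration and are not captured procfiles output.

```python
import re
import time

# The two patterns from the PoC above.
CURRENT = r"(\d+): S_IFREG.*\s*.*name:(.*)\n"
FIXED = r"(\d+): S_IFREG.*name:(.*)\n"

# Constructed samples (not captured procfiles output): the same record with
# "name:" on the S_IFREG line, and with a line break before it.
ONE_LINE = "3: S_IFREG mode:0644 O_RDONLY name:/tmp/a\n"
TWO_LINES = "3: S_IFREG mode:0644\n   O_RDONLY name:/tmp/a\n"


def captures(pattern, text):
    """Return the (fd, name) pairs the pattern extracts from text."""
    return re.findall(pattern, text)


def worst_case(n):
    """A record that reaches the wildcard part but never contains 'name:'."""
    return "1: S_IFREG" + " " * n


def seconds(pattern, text, repeat=3):
    """Best-of-`repeat` wall time for one findall() call."""
    compiled = re.compile(pattern)
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        compiled.findall(text)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    for label, sample in (("one line", ONE_LINE), ("two lines", TWO_LINES)):
        print(label, captures(CURRENT, sample), captures(FIXED, sample))
    for n in (100, 200, 400, 800):
        text = worst_case(n)
        print(f"n={n:4} current={seconds(CURRENT, text):.6f}s "
              f"fixed={seconds(FIXED, text):.6f}s")
```

Because `.` does not match a newline, only the pattern containing `\s*` can span the line break in the second sample.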

giampaolo commented 1 month ago

Can you also update HISTORY.rst and CREDITS?

AlekseyLobanov commented 1 month ago

Done

giampaolo commented 1 month ago

Merged. Thanks.