Using PATH and namely its sub-pattern UNIXPATH can lead to DoS (due to regular expression back-tracking).
Sample one line reproducer (pattern is the original expanded UNIXPATH):
ruby -e '/(\/([\w_%!$@:.,+~-]+|\\\\.)*)+ /.match "/opt/abcdef/1/.22/3:3+3/foo@BAR/X-Y+Z/~Sample_l_&^_c b"'
... the important part is the non-matching &^ sequence at the end.
Currently UNIXPATH does not handle Unicode chars (separate issue), this issue (100% CPU) was discovered with non-ASCII chars at the end: /home/eaeaea/data/import/Sample_xyz_lé_é_c b
Also to be noted that the pattern does not interrupt properly, using a timeout, thus there isn't a good work-around except not using or redefining PATH/UNIXPATH.
resolves https://github.com/logstash-plugins/logstash-patterns-core/issues/159
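Why the reproducer above pins the CPU, as an added example that is not part of this change or of logstash-patterns-core: it counts how many ways the nested quantifier can consume the path before the non-matching `&`, and compares against a flattened pattern. `FLAT`, `nested_parse_count` and `same_result?` are hypothetical names, and `FLAT` is an assumed redefinition for illustration, not the project's fix.

```ruby
# Added illustration; constant and method names are hypothetical.

# Expanded UNIXPATH from the reproducer: a `+` run nested inside a `*` loop.
NESTED = /(\/([\w_%!$@:.,+~-]+|\\\\.)*)+ /
# Assumed redefinition: same alternatives, one character per inner iteration,
# so each input can be consumed in exactly one way.
FLAT = /(?:\/(?:[\w%!$@:.,+~-]|\\\\.)*)+ /
CLASS_CHAR = /[\w%!$@:.,+~-]/

REPRODUCER = "/opt/abcdef/1/.22/3:3+3/foo@BAR/X-Y+Z/~Sample_l_&^_c b"
PREFIX = REPRODUCER[0...REPRODUCER.index("&")] # everything the path grammar accepts

# Number of distinct ways NESTED can consume all of `prefix` from offset 0.
# A backtracking matcher without memoization can retry each of them once the
# next character fails to match, so this bounds the work from below.
def nested_parse_count(prefix)
  n = prefix.length
  ways = Array.new(n + 1, 0)
  ways[1] = 1 if prefix[0] == "/"
  (1...n).each do |i|
    next if ways[i].zero?
    ways[i + 1] += ways[i] if prefix[i] == "/"     # start a new outer iteration
    if prefix[i, 2] == "\\\\" && i + 2 < n          # the \\\\. alternative
      ways[i + 3] += ways[i]
    end
    j = i
    while j < n && CLASS_CHAR.match?(prefix[j])     # every length of one [...]+ run
      j += 1
      ways[j] += ways[i]
    end
  end
  ways[n]
end

# Compare both patterns on one input. Only call this with short inputs:
# NESTED on a long non-matching path is the hang described above.
def same_result?(input)
  NESTED.match(input)&.[](0) == FLAT.match(input)&.[](0)
end

if __FILE__ == $0
  puts "parses of reproducer prefix: #{nested_parse_count(PREFIX)}"
  puts "FLAT on reproducer: #{FLAT.match(REPRODUCER).inspect}"
  ["/var/log/syslog x", "/a/bc&^ b"].each do |s|
    puts "#{s.inspect} same result: #{same_result?(s)}"
  end
end
```

Each segment of k accepted characters can be split 2^(k-1) ways, which is why a longer final segment, not a longer path overall, is what makes the original pattern degrade fastest.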