SA Bugzilla – Bug 5312
Razor plugin uses forbidden $' operator
Last modified: 2007-06-07 00:56:06 UTC
Using the magic of the Devel::SawAmpersand module, I've written a new regression test which detects the use of $& during scanning. as 'perldoc perlvar' states: The use of this variable anywhere in a program imposes a consider- able performance penalty on all regular expression matches. See "BUGS". so in other words, once one module uses it, every single RE match afterwards becomes much slower... very bad news for SA, naturally. And wouldn't you know it, one of our dependency modules does: Razor. at least, once the Mail::SA::Plugin::Razor2 plugin is loaded, with my installed version of razor, Devel::SawAmpersand::sawampersand() returns 1... unfortunately we can't scope use of $&.
just confirmed; still an issue with razor 2.82, the current release... I think it's from the use of $' in these files: lib/Razor2/Preproc/deBase64.pm lib/Razor2/Preproc/deQP.pm lib/Razor2/Signature/Whiplash.pm Patch to follow, which fixes the bug for me.
Created attachment 3844 [details] patch against razor-agents 2.82
reported to razor guys: http://sourceforge.net/tracker/index.php?func=detail&aid=1645290&group_id=3978&atid=103978 I don't think there's much we can do about this in our own code for 3.2.0; maybe warn in the INSTALL notes?
(In reply to comment #3) > I don't think there's much we can do about this in our own code for 3.2.0; maybe > warn in the INSTALL notes? Yeah, definitely nothing for 3.2. IMO, there's two options overall: - change the Razor2 plugin to drop as much of the razor-agents code as possible. this would, for instance, mean the message doesn't need to be reparsed, and we could potentially drop all the commandline script code, etc. - no offense to them, but the razor2 perl code could use a bunch of cleanup and refactoring. for example, if you look at razor-admin, there's pretty much nothing in there -- everything, including commandline parsing, etc, is all in the modules. so we could work on fixing up their stuff, thereby making it work better with SA. I'd rather focus on the first option if possible.
ok, added some doc: : jm 453...; svn commit -m "bug 5312: document Razor slowdown bug" INSTALL Sending INSTALL Transmitting file data . Committed revision 501198. hopefully the Razor guys can fix this soon... in the meantime, let's leave this bug open and if anyone wants to hack up an alternate razor-agents, that can be done for 3.3.0.
(btw, it's worth noting that simply setting scores to 0 doesn't help; even if the scores are == 0, if the plugin is loaded and -L is not specified, the bug will take effect and all regexps will be slowed down.)
Looks like the patch wasn't quite what was intended - the patch to Whiplash.pm doesn't apply cleanly; it looks like the .OLD tree wasn't a completely clean razor-agents-2.82.
Created attachment 3915 [details] Updated patch including Whiplash.pm fix
HI. Sorry for my ignorance, but How exactly should I apply the patch? I mean, what is the exact command line(s)? My setup is: OS = Fedora Core 6 razor agents 2.8.2 spamassassin 3.1.8 MimeDefang 2.61 Path to Razor agents: /usr/lib/perl5/vendor_perl/5.8.8/Razor2/ Thanks. Yizhar Hurwitz
Created attachment 3937 [details] Updated patch with Whiplash.pm fix changed to be consistent with Preproc fixes (In reply to comment #8) > Created an attachment (id=3915) [edit] > Updated patch including Whiplash.pm fix Added one character to the Whiplash.pm patch to match the Preproc patch. - last unless $text =~ m"http://(.*)"; + last unless $text =~ m"http://(.*)$";
(In reply to comment #3) > reported to razor guys: > > http://sourceforge.net/tracker/index.php?func=detail&aid=1645290&group_id=3978&atid=103978 SF bug updated with links back to this bug and closed as fixed in 2.83 (upcoming).
(In reply to comment #11) > SF bug updated with links back to this bug and closed asfixed in 2.83 (upcoming). 2.83 published to SourceForge. http://sourceforge.net/project/showfiles.php?group_id=3978&package_id=30227&release_id=507010
Created attachment 3938 [details] update our docs thanks Richard. this patch updates our docs to note the fix... devs, please review for 3.2.1...
actually, doc fixes count as trivial ;) applied to trunk: : jm 183...; svn commit -m "bug 5312: doc fix: note that Razor-agents 2.83 includes the fix for the perl-interpreter slowdown bug" INSTALL Sending INSTALL Transmitting file data . Committed revision 536481. and 3.2.0: : jm 159...; svn commit -m "bug 5312: doc fix: note that Razor-agents 2.83 includes the fix for the perl-interpreter slowdown bug" INSTALL Sending INSTALL Transmitting file data . Committed revision 536482.
Note that NetAddr::IP is infested with $& and $` thoroughly, including its autoloaded modules. Unfortunately Mail::SPF uses NetAddr::IP, and SPF plugin for SA is loaded through init.pre by default. $ perl -MNetAddr::IP -MDevel::SawAmpersand \ -e 'printf("SawA: %d\n",Devel::SawAmpersand::sawampersand)' SawA: 1 $ perl -MMail::SPF -MDevel::SawAmpersand \ -e 'printf("SawA: %d\n",Devel::SawAmpersand::sawampersand)' SawA: 1
The NetAddr::IP guys are in the process of resolving this.
NetAddr::IP v4.007 removes everything that would cause PL_sawampersand to be set to true. We may want to note this somewhere in the POD or on the wiki.
[dos@cyan trunk]$ svn ci -m "bug 5312: add note to INSTALL doc that NetAddr::IP versions before 4.007 trigger PL_sawampersand slow down" Sending INSTALL Transmitting file data . Committed revision 545093. [dos@cyan trunk]$ cd ../3.2 [dos@cyan 3.2]$ svn ci -m "bug 5312: add note to INSTALL doc that NetAddr::IP versions before 4.007 trigger PL_sawampersand slow down" Sending INSTALL Transmitting file data . Committed revision 545094. [dos@cyan 3.2]$