Daffodil / DAFFODIL-423

Eliminate unbounded "*" and "+" from all regex


Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • s5
    • None
    • Back End, DFDL Schemas
    • None

    Description

      Anywhere that we use a * or + in a regex, we need to replace it by {0,N} or {1,N}, where N is a tunable constant taken from the daffodil.compiler.Compiler object (where all the other tunable constants live).

      This is to eliminate the issue that regexes can be exploited to crash/disable software by making them either too slow, or blowing up some buffer capacity.

      Where a + or * will match characters that are part of a delimiter, there should be a constant for maximum delimiter size. Where a + or * will match simple type content, there should be a maximum simple element size. (These are all measured in characters, I believe.) Where a + or * will match complexContent size, there should be a different maximum complex content size.

          People

            Unassigned Unassigned
            mbeckerle Mike Beckerle
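An added example, not part of the issue or Daffodil's code: a Python sketch of the rewrite the description asks for, turning unescaped `*` and `+` quantifiers into `{0,N}` and `{1,N}` while leaving escaped characters and character-class members alone. The limit names and values are assumptions, and the scanner assumes simple character classes (no nesting, `]` escaped inside a class) and no `\Q...\E` quoting.

```python
import re

# Hypothetical limits in characters, one per kind of match named in the issue.
# Names and values are assumptions, not Daffodil's tunables.
MAX_DELIMITER_LENGTH = 16
MAX_SIMPLE_CONTENT_LENGTH = 1024
MAX_COMPLEX_CONTENT_LENGTH = 65536


def bound_quantifiers(pattern: str, limit: int) -> str:
    """Rewrite unbounded '*' and '+' quantifiers as {0,limit} and {1,limit}."""
    out = []
    i, n = 0, len(pattern)
    in_class = False
    while i < n:
        ch = pattern[i]
        if ch == "\\" and i + 1 < n:
            # Escaped character such as \* or \+ is a literal: copy both chars.
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if in_class:
            # Inside [...] the characters * and + are ordinary class members.
            in_class = ch != "]"
            out.append(ch)
        elif ch == "[":
            in_class = True
            out.append(ch)
        elif ch in "*+":
            out.append("{%d,%d}" % (0 if ch == "*" else 1, limit))
            # Keep a lazy '?' or possessive '+' modifier on the quantifier.
            if i + 1 < n and pattern[i + 1] in "?+":
                out.append(pattern[i + 1])
                i += 1
        else:
            out.append(ch)
        i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample patterns, not taken from any DFDL schema.
    print(bound_quantifiers(r"\s*,\s*", MAX_DELIMITER_LENGTH))
    print(bound_quantifiers(r"[0-9]+", MAX_SIMPLE_CONTENT_LENGTH))
    bounded = re.compile(bound_quantifiers(r"[0-9]+", 8))
    print(bool(bounded.fullmatch("1" * 8)), bool(bounded.fullmatch("1" * 9)))
```

Bounding changes what a pattern accepts: input longer than the limit no longer matches, so each limit has to be at least as large as the longest legitimate field.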