
Catastrophic backtracking in SquidConfLexer

Open jeanas opened this issue 3 years ago • 1 comments

The CI run https://github.com/pygments/pygments/runs/7368863507?check_suite_focus=true timed out in test_random_input for SquidConfLexer.

The offending regex is very likely

    ip_re = (
        r'(?:(?:(?:[3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2}|0x0*[0-9a-f]{1,2}|'
        r'0+[1-3]?[0-7]{0,2})(?:\.(?:[3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2}|'
        r'0x0*[0-9a-f]{1,2}|0+[1-3]?[0-7]{0,2})){3})|(?!.*::.*::)(?:(?!:)|'
        r':(?=:))(?:[0-9a-f]{0,4}(?:(?<=::)|(?<!::):)){6}(?:[0-9a-f]{0,4}'
        r'(?:(?<=::)|(?<!::):)[0-9a-f]{0,4}(?:(?<=::)|(?<!:)|(?<=:)(?<!::):)|'
        r'(?:25[0-4]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-4]|2[0-4]\d|1\d\d|'
        r'[1-9]?\d)){3}))'
    )

I'm pretty eager to dissect that!!

jeanas, Jul 16 '22 08:07

This can probably also be simplified a lot. We don't need to verify the 0-255 range for octets, for example.

birkenfeld, Jul 16 '22 08:07
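
Added example, not part of the thread and not the Pygments fix: one way to follow the suggestion in the comment above is to match only the shape of an address in the lexer and leave range checks to `ipaddress`, then scan fuzz input under a time budget in the spirit of test_random_input. The names `LOOSE_IPV4`, `LOOSE_IPV6`, `LOOSE_IP`, `is_valid_ip`, `scan`, `random_text` and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import random
import re
import time

# Hypothetical loose patterns (an assumption, not the Pygments fix). Octets are
# not range-checked; every repeated group starts with a literal '.' or ':' and
# has a fixed upper bound, so one match attempt does a bounded amount of work.
LOOSE_IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'
LOOSE_IPV6 = r'(?:[0-9a-f]{1,4})?(?::[0-9a-f]{0,4}){2,7}(?:\.\d{1,3}){0,3}'
LOOSE_IP = re.compile(r'(?:%s|%s)' % (LOOSE_IPV4, LOOSE_IPV6), re.I)


def is_valid_ip(text):
    """Strict validation (0-255 octets and so on) done outside the regex."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def scan(text, budget_s=5.0):
    """Try the pattern at every offset, as a lexer does, under a time budget."""
    start = time.perf_counter()
    pos, found = 0, []
    while pos < len(text):
        m = LOOSE_IP.match(text, pos)
        if m:
            found.append(m.group())
            pos = m.end()  # a match is never empty, so the scan always advances
        else:
            pos += 1
        if time.perf_counter() - start > budget_s:
            raise TimeoutError('budget exceeded at offset %d' % pos)
    return found


def random_text(n, seed=0):
    """Constructed fuzz input, dense in the characters the pattern accepts."""
    rng = random.Random(seed)
    return ''.join(rng.choice('0123456789abcdefx:. \n') for _ in range(n))


if __name__ == '__main__':
    print(scan('acl a src 10.0.0.0/8 ::1 2001:db8::1'))
    print(len(scan(random_text(20000))), 'address-shaped tokens, no timeout')
```

The budget is checked between match attempts, so it only catches slow scans when each individual attempt is itself bounded, as it is for these patterns.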