potiuk commented on code in PR #32303: URL: https://github.com/apache/airflow/pull/32303#discussion_r1249654291
########## airflow/cli/commands/provider_command.py: ########## @@ -17,7 +17,7 @@ """Providers sub-commands.""" from __future__ import annotations -import re +import re2 as re Review Comment: > Note: I think the actual issue is that we are trusting user input here and re2 seems on the surface right now to just to be band-aid and not addressing the core of the problem Not really. I think it's not a band-aid, using rgular expression is part of our API specification, so we cannot really remove it unless we have a very good reason (and it's actually useful). So solving a potential way how you could (mostly accidentally) trigger the situation where it it will take a lot of time is the right approach - we do not want to remove the functionality there. Moreover - since we will already have the google-re2 dependency (which BTW is proven and battle tested because it is used internally in `go` language), we can use the opportunity to use it elsewhere whre we use regular expressions and protect other pleaces. > Also re2 fallsback to re if it doesn't know how to handle the regex. But maybe you can elaborate? The fallback is a mechanism for another library, It was a mistake to mention it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
