bolkedebruin commented on code in PR #32303:
URL: https://github.com/apache/airflow/pull/32303#discussion_r1250200591
##########
airflow/cli/commands/provider_command.py:
##########
@@ -17,7 +17,7 @@
"""Providers sub-commands."""
from __future__ import annotations
-import re
+import re2 as re
Review Comment:
Yep I stand corrected on mentioning the fallback mechanism. I had to find
out myself as there was so little detail in the commit message.
The commit message could read:
"Use linear time regular expressions
The standard regexp library can consume > O(n) in certain circumstances. The
re2 library does not have this issue.
"
Which clarifies, but doesnt give away the issue.
I do not fully agree with your assessment @potiuk that we want to keep that.
We are trusting user input here and regexp engines are notorious to have
issues. Imho the root cause is trusting user input and that is what probably
should be addressed. The new, current, commit message says as much now
("untrusted"). This is a workaround still.
I won't stand in the way of the commit, but I stand by my opinion that it is
band-aid.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
