sbp commented on issue #599: URL: https://github.com/apache/tooling-trusted-releases/issues/599#issuecomment-3813816974
There are several RE2 packages on PyPI, but none of them, as far as I could find, have wheels for musl. I did manage to get the leading candidate package working in our Alpine container, but it required many dependencies and increased the build time of the container. Therefore I searched for alternatives and found Hyperscan, which was open sourced by Intel, who [describe it as preventing exactly the same class of attacks](https://www.intel.com/content/www/us/en/collections/libraries/hyperscan/optimize-azure-cloud-security-with-intel-hyperscan.html):

> Hyperscan is an automata-based (e.g. NFA/DFA) approach without backtracking. Backtracking needs to traverse all possible paths within automata and can trigger exponential matching time in terms of input length, which is the root cause of ReDOS. So Hyperscan guarantees no exponential scanning time and is immune to ReDOS attacks. Hyperscan complies with the Intel SSSE3 instruction set as a minimum requirement and leverages SIMD instructions to accelerate matching performance.

The Python package for Hyperscan on PyPI has musl wheels. In 360bdf27541ad6fefe1b37c33c866dd460493a62 I added Hyperscan to our dependencies, and in 66e7823b0cee7638e6cb13c1162acc88b75c96cb I migrated our ignore patterns to use Hyperscan instead of `re` from the Python standard library.

We should still reserve migrating to RE2, so I think in our documentation we should describe the common subset of Hyperscan and RE2 syntax and behaviour.
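A pre-flight check for the "common subset" idea in the comment above, added here as an example and not code from the tooling-trusted-releases project: it uses only the standard-library `re` module, and the list of rejected constructs is my own conservative approximation of what RE2 and Hyperscan both leave unsupported (backreferences, lookaround, atomic groups, possessive quantifiers, conditionals, the `\Z`/`\G` anchors), so an ignore pattern that passes it should behave the same under either engine.

```python
import re

# Parenthesised constructs outside the RE2/Hyperscan common subset.
# Assumption: a conservative reject-list, not the project's own definition.
UNSUPPORTED_GROUPS = {
    "(?=": "lookahead",
    "(?!": "negative lookahead",
    "(?<=": "lookbehind",
    "(?<!": "negative lookbehind",
    "(?>": "atomic group",
    "(?P=": "named backreference",
    "(?(": "conditional",
}


def common_subset_violations(pattern: str) -> list[str]:
    """Return reasons why `pattern` falls outside the RE2/Hyperscan common subset.

    An empty list means the pattern uses only constructs both engines accept
    (and that Python's `re` can compile it, so it also works as a fallback)."""
    problems: list[str] = []
    i, in_class = 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):  # escaped char: inspect, then skip
            nxt = pattern[i + 1]
            if (nxt.isdigit() and nxt != "0") or (nxt == "g" and pattern[i + 2:i + 3] == "<"):
                problems.append("backreference")
            elif nxt in "GZ":
                problems.append(f"\\{nxt} anchor (not in RE2)")
            i += 2
            continue
        if in_class:  # inside [...] everything except ']' is literal
            in_class = ch != "]"
            i += 1
            continue
        if ch == "[":  # a leading ']' (after optional '^') is literal, not the closer
            in_class, j = True, i + 1
            j += pattern[j:j + 1] == "^"
            j += pattern[j:j + 1] == "]"
            i = j
            continue
        if ch == "(":
            for prefix, reason in UNSUPPORTED_GROUPS.items():
                if pattern.startswith(prefix, i):
                    problems.append(reason)
                    break
        elif ch in "*+?}" and pattern[i + 1:i + 2] == "+":
            problems.append("possessive quantifier")
        i += 1
    try:
        re.compile(pattern)
    except re.error as exc:
        problems.append(f"does not compile with re: {exc}")
    return problems
```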
