[
https://issues.apache.org/jira/browse/HBASE-27315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HBASE-27315:
-----------------------------------
Labels: pull-request-available (was: )
> Add timeout to JavaRegexEngine
> ------------------------------
>
> Key: HBASE-27315
> URL: https://issues.apache.org/jira/browse/HBASE-27315
> Project: HBase
> Issue Type: New Feature
> Reporter: Minwoo Kang
> Assignee: Minwoo Kang
> Priority: Minor
> Labels: pull-request-available
>
> Java regular expression engine is based on backtracking. Thus, a malicious
> regular expression may result in a ReDoS.
> When ReDoS occurs in the HBase, the region server's handler is occupied as a
> result it cannot process the user's request.
> It would be nice to have a timeout for system protection.
> The engine does not have timeout.
> The charAt method is called during pattern matching, and the charAt method
> checks if it is timeout.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
