
ReDoS: limit concretize to strings of at most length 100 #14027

Merged
merged 2 commits into from Aug 24, 2023

Conversation

erik-krogh
Contributor

@erik-krogh erik-krogh commented Aug 23, 2023

Fixes a performance problem in a Python project, and seems to have no change in results🤞

Evaluations: Python, Ruby, Java, JavaScript.
Only a single lost result in the Ruby evaluation, but I think we can live with that.
Otherwise seemingly no change, just some DCA noise.

@erik-krogh erik-krogh marked this pull request as ready for review August 23, 2023 12:04
@erik-krogh erik-krogh requested a review from a team August 23, 2023 12:04
@MathiasVP
Contributor

Note that Swift has also added a couple of queries that use the shared regex library now. So you may want to include Swift in the list of DCA experiments.

@erik-krogh
Contributor Author

> Note that Swift has also added a couple of queries that use the shared regex library now. So you may want to include Swift in the list of DCA experiments.

@MathiasVP: does this look OK? https://github.com/github/codeql-dca-main/tree/data/erik-krogh/pr-14027-25e4f2__nightly__code-scanning/reports

@MathiasVP
Contributor

It does. Thanks!

Contributor

@yoff yoff left a comment


Python 👍
Thanks for the fix!

@erik-krogh
Contributor Author

New evals still look good (see backrefs).
Merging.

@erik-krogh erik-krogh merged commit 59de92c into github:main Aug 24, 2023
10 checks passed