Exponential backtracking in regex blocks Thread #425

ic0ns · 2020-01-06T14:02:21Z

Hey,
I am currently facing problem with servers which have regular expressions within their robots.txt which require an unreasonable amount of computing time to match for using RobotstxtServer.java (https://www.regular-expressions.info/catastrophic.html). Eg:

User-agent: *
Disallow: /********************/
Disallow: /*******************

Matching for the url: "/asdjdsfsdfjkhejrhwjerhjkfdhksdjfhksjdfhjksdfhjksfdhjksdfasdasdd/js/jquery/jquery-migrate.min.js" completly freezes the thread. The console just shows:

10:53:34.438 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:53:39.438 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:53:39.438 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:53:44.438 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:53:44.438 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:53:49.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:53:49.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:53:54.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:53:54.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:53:59.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:53:59.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:04.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:04.439 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:09.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:09.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:14.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:14.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:19.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:19.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:24.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:24.440 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:29.441 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:29.441 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:34.441 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:34.441 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:39.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:39.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:44.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:44.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:49.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:49.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:54.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:54.442 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS
10:54:59.443 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing expired connections
10:54:59.443 [Connection Manager] DEBUG e.u.i.c.f.SniPoolingHttpClientConnectionManager - Closing connections idle longer than 30 SECONDS

Is there a way around this?

The text was updated successfully, but these errors were encountered:

dgoiko · 2020-01-24T18:39:03Z

Fast solution: disable robots.txt

Looking at the code, the problem is with Matcher.matches, and it can't be timed out. You'll have to modify robots.txt server and PathRule.

this post talks about timeoutable regex

I'm prerparing a MR with this functionality. You can take a look at it #429 . It decreases overall regexp performance, but it will do the job.

dgoiko linked a pull request Jan 24, 2020 that will close this issue

Timeoutable regular expressions in RobotstxtServer #429

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exponential backtracking in regex blocks Thread #425

Exponential backtracking in regex blocks Thread #425

ic0ns commented Jan 6, 2020

dgoiko commented Jan 24, 2020 •

edited

Exponential backtracking in regex blocks Thread #425

Exponential backtracking in regex blocks Thread #425

Comments

ic0ns commented Jan 6, 2020

dgoiko commented Jan 24, 2020 • edited

dgoiko commented Jan 24, 2020 •

edited