Default QueryFilter has a very slow RegEx on certain inputs
#1838
Labels
Comments
aukevanleeuwen
added a commit
to aukevanleeuwen/logbook
that referenced
this issue
May 16, 2024
6 tasks
|
Here's my CPU struggling on doing RegEx stuff on large inputs:
|
|
For future readers: this default behaviour can be disabled by setting |
aukevanleeuwen
added a commit
to aukevanleeuwen/logbook
that referenced
this issue
May 27, 2024
aukevanleeuwen
added a commit
to aukevanleeuwen/logbook
that referenced
this issue
May 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was sending some requests with
curlto an application that had logbook enabled and noticed quite terrible performance.curlby default will send data with aContent-Type: application/x-www-form-urlencoded, by default this triggers a QueryFilter that will try to parse the content and look forclient_secretandpasswordin the body and obfuscate that.In the end this will end up parsing the body with this Pattern:
logbook/logbook-core/src/main/java/org/zalando/logbook/core/QueryFilters.java
Line 60 in 8fa25bb
I debugged the regex (with PCRE, not Java but seems to have roughly the same performance) and the amount of steps is exponential with the body size. This matches my experience as well. Sending a 100K body took about 4s if I recall correctly, sending 1MB would take minutes.
Btw: it largely depends on the body. If your body actually has a lot of parameters, so lots of stuff separated by
&, it's much less of a problem. If it has just a large text of some sort, it will blow up.Description
Why I consider this a bug: I think there is no reason for a regex that will has
O(n^2)complexity.Expected Behavior
To be faster! :-D
Actual Behavior
It's slow.
Steps to Reproduce
The text was updated successfully, but these errors were encountered: