cgivre commented on PR #2762: URL: https://github.com/apache/drill/pull/2762#issuecomment-1438871668
> Wouldn't this change introduce ReDoS vulnerability? Potentially, but we already allow `REGEXP_REPLACE` and `REGEX_MATCHES`, so I don't know that this actually makes anything worse. I did try adding a validator with this `saferegex`[1] but that library is not suitable for inclusion in Drill. (It prints all kinds of stuff to STDOUT.) [1]: https://github.com/jkutner/saferegex -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
