Minwoo Kang created HBASE-27315:
-----------------------------------
Summary: Add timeout to JavaRegexEngine
Key: HBASE-27315
URL: https://issues.apache.org/jira/browse/HBASE-27315
Project: HBase
Issue Type: New Feature
Reporter: Minwoo Kang
Assignee: Minwoo Kang
Java regular expression engine is based on backtracking. Thus, a malicious
regular expression may result in a ReDoS.
When ReDoS occurs in the HBase, the region server's handler is occupied as a
result it cannot process the user's request.
It would be nice to have a timeout for system protection.
The engine does not have timeout.
The charAt method is called during pattern matching, and the charAt method
checks if it is timeout.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
