Minwoo Kang created HBASE-27315: ----------------------------------- Summary: Add timeout to JavaRegexEngine Key: HBASE-27315 URL: https://issues.apache.org/jira/browse/HBASE-27315 Project: HBase Issue Type: New Feature Reporter: Minwoo Kang Assignee: Minwoo Kang
Java regular expression engine is based on backtracking. Thus, a malicious regular expression may result in a ReDoS. When ReDoS occurs in the HBase, the region server's handler is occupied as a result it cannot process the user's request. It would be nice to have a timeout for system protection. The engine does not have timeout. The charAt method is called during pattern matching, and the charAt method checks if it is timeout. -- This message was sent by Atlassian Jira (v8.20.10#820010)