Skip to content

improv(logger): Updated the regex for getCodeLocation to prevent regex exploit #4389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 27, 2025
Merged

improv(logger): Updated the regex for getCodeLocation to prevent regex exploit #4389

merged 4 commits into from
Aug 27, 2025

Conversation

sdangol
Copy link
Contributor

@sdangol sdangol commented Aug 26, 2025

Summary

This PR updates the regex used by the function getCodeLocation to get the file and line number in the error stack trace. It prevent slow execution of regex when encountered with string starting with multiple occurrences of ((

Changes

Please provide a summary of what's being changed

  • Added a ( to the regex capture group to prevent matching series of ((

Please add the issue number below, if no issue is present the PR might get blocked and not be reviewed

Issue number: closes #4366

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@pull-request-size pull-request-size bot added the size/XS PR between 0-9 LOC label Aug 26, 2025
@boring-cyborg boring-cyborg bot added the logger This item relates to the Logger Utility label Aug 26, 2025
@sdangol sdangol self-assigned this Aug 26, 2025
@sdangol sdangol requested a review from dreamorosi August 26, 2025 12:31
@dreamorosi
Copy link
Contributor

Quality Gate Failed Quality Gate failed

Failed conditions C Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

is this SonarCloud finding valid?

@sdangol
Copy link
Contributor Author

sdangol commented Aug 26, 2025
edited
Loading

is this SonarCloud finding valid?

Yes, I had accidentally left a duplicate bracket there. I've removed it now

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dreamorosi dreamorosi merged commit 801333d into main Aug 27, 2025
37 checks passed
@dreamorosi dreamorosi deleted the improv/logger-error-regex branch August 27, 2025 08:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@svozza svozza svozza approved these changes

@dreamorosi dreamorosi Awaiting requested review from dreamorosi

Assignees

@sdangol sdangol

Labels
logger This item relates to the Logger Utility size/XS PR between 0-9 LOC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Maintenance: Regular expression to get code location in logger may take more time to make some inputs
3 participants
@sdangol @dreamorosi @svozza