diff options
author | Yusuke Endoh <mame@ruby-lang.org> | 2022-03-24 17:01:30 +0900 |
---|---|---|
committer | Yusuke Endoh <mame@ruby-lang.org> | 2022-03-30 16:50:46 +0900 |
commit | 34b288f8d471e3a3d34f2a63950b483594df282f (patch) | |
tree | 933ba27968aabe3d60b2f1626275866b458c1fc5 /doc | |
parent | ce87bb8bd64869c0d04026d6bca41dc6bd312a73 (diff) |
doc/regexp.rdoc: Add explanation about Regexp timeout configuration
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/5703
Diffstat (limited to 'doc')
-rw-r--r-- | doc/regexp.rdoc | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/regexp.rdoc b/doc/regexp.rdoc index 6aa11b0c5a..65d8cd46fa 100644 --- a/doc/regexp.rdoc +++ b/doc/regexp.rdoc @@ -27,6 +27,9 @@ Here 'haystack' contains the pattern 'hay', so it matches: Specifically, <tt>/st/</tt> requires that the string contains the letter _s_ followed by the letter _t_, so it matches _haystack_, also. +Note that any Regexp matching will raise a RuntimeError if timeout is set and +exceeded. See "Timeout" section in detail. + == <tt>=~</tt> and Regexp#match Pattern matching may be achieved by using <tt>=~</tt> operator or Regexp#match @@ -759,3 +762,23 @@ with <i>a{0,29}</i>: Regexp.new('a{0,29}' + 'a' * 29) =~ 'a' * 29 +== Timeout + +There are two APIs to set timeout. One is Timeout.timeout=, which is +process-global configuration of timeout for Regexp matching. + + Regexp.timeout = 3 + s = 'a' * 25 + 'd' + 'a' * 4 + 'c' + /(b|a+)*c/ =~ s #=> This raises an exception in three seconds + +The other is timeout keyword of Regexp.new. + + re = Regexp.new("(b|a+)*c", timeout: 3) + s = 'a' * 25 + 'd' + 'a' * 4 + 'c' + /(b|a+)*c/ =~ s #=> This raises an exception in three seconds + +When using Regexps to process untrusted input, you should use the timeout +feature to avoid excessive backtracking. Otherwise, a malicious user can +provide input to Regexp causing Denail-of-Service attack. +Note that the timeout is not set by default because an appropriate limit +highly depends on an application requirement and context. |