Skip to content

Scripting: enable regular expressions by default (#63029) #63272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 5, 2020
Merged

Scripting: enable regular expressions by default (#63029) #63272

merged 2 commits into from
Oct 5, 2020

Conversation

@stu-elastic
Copy link
Contributor

@stu-elastic stu-elastic commented Oct 5, 2020

  • Setting script.painless.regex.enabled has a new option,
    use-factor, the default. This defaults to using regular
    expressions but limiting the complexity of the regular
    expressions.

    In addition to use-factor, the setting can be true, as
    before, which enables regular expressions without limiting them.

    false totally disables regular expressions, which was the
    old default.

  • New setting script.painless.regex.limit-factor. This limits
    regular expression complexity by limiting the number characters
    a regular expression can consider based on input length.

    The default is 6, so a regular expression can consider
    6 * input length number of characters. With input
    foobarbaz (length 9), for example, the regular expression
    can consider 54 (6 * 9) characters.

    This reduces the impact of exponential backtracking in Java's
    regular expression engine.

  • add @inject_constant annotation to whitelist.

    This annotation signals that a compiler settings will
    be injected at the beginning of a whitelisted method.

    The format is argnum=settingname:
    1=foo_setting 2=bar_setting.

    Argument numbers must start at one and must be sequential.

  • Augment
    Pattern.split(CharSequence)
    Pattern.split(CharSequence, int),
    Pattern.splitAsStream(CharSequence)
    Pattern.matcher(CharSequence)
    to take the value of script.painless.regex.limit-factor as a
    an injected parameter, limiting as explained above when this
    setting is in use.

Fixes: #49873
Backport of: 93f29a4

@stu-elastic
Scripting: enable regular expressions by default (elastic#63029)
286b243 
* Setting `script.painless.regex.enabled` has a new option,
  `use-factor`, the default.  This defaults to using regular
  expressions but limiting the complexity of the regular
  expressions.

  In addition to `use-factor`, the setting can be `true`, as
  before, which enables regular expressions without limiting them.

  `false` totally disables regular expressions, which was the
  old default.

* New setting `script.painless.regex.limit-factor`.  This limits
  regular expression complexity by limiting the number characters
  a regular expression can consider based on input length.

  The default is `6`, so a regular expression can consider
  `6` * input length number of characters.  With input
  `foobarbaz` (length `9`), for example, the regular expression
  can consider `54` (`6 * 9`) characters.

  This reduces the impact of exponential backtracking in Java's
  regular expression engine.

* add `@inject_constant` annotation to whitelist.

  This annotation signals that a compiler settings will
  be injected at the beginning of a whitelisted method.

  The format is `argnum=settingname`:
  `1=foo_setting 2=bar_setting`.

  Argument numbers must start at one and must be sequential.

* Augment
  `Pattern.split(CharSequence)`
  `Pattern.split(CharSequence, int)`,
  `Pattern.splitAsStream(CharSequence)`
  `Pattern.matcher(CharSequence)`
  to take the value of `script.painless.regex.limit-factor` as a
  an injected parameter, limiting as explained above when this
  setting is in use.

Fixes: elastic#49873
@stu-elastic
Replace repeat
2860849
@stu-elastic stu-elastic added :Core/Infra/Scripting Scripting abstractions, Painless, and Mustache backport v7.10.0 labels Oct 5, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 5, 2020

Pinging @elastic/es-core-infra (:Core/Infra/Scripting)

@elasticmachine elasticmachine added the Team:Core/Infra Meta label for core/infra team label Oct 5, 2020
@stu-elastic stu-elastic merged commit 791a9d5 into elastic:7.x Oct 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport :Core/Infra/Scripting Scripting abstractions, Painless, and Mustache Team:Core/Infra Meta label for core/infra team v7.10.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stu-elastic @elasticmachine