This repository has been archived by the owner on Jan 28, 2023. It is now read-only.

Gracefully handling reDOS attacks #130

Open

geota opened this issue Jan 28, 2016 · 0 comments

geota commented Jan 28, 2016

Recently my application was hit with a ReDoS attack. Below is the User Agent string in question. When attempting to parse, the library hangs indefinitely. I was able to code around this issue by kicking off the parser in a background thread using an executor with a timeout. However, it would be awesome if the library itself handled this.

Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 
OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 
OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500
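The two points raised above, a parser that hangs on a repetitive non-matching User-Agent and a caller-side deadline around it, as an added example that is not code from this issue or from the library being discussed. The vulnerable pattern is an assumed, illustrative nested-quantifier regex, not the library's actual regex; the sample User-Agent is a shortened, constructed copy of the one posted here; and the deadline uses a child process instead of the executor thread the reporter describes, because a thread stuck inside a regex engine cannot be interrupted and keeps burning CPU after the caller gives up. The hardened tokenizer beside it shows the other half of "handling it in the library": an unambiguous pattern plus length and token caps, so the worst case is bounded without any timeout.

```python
import multiprocessing as mp
import re

# Constructed sample, modelled on the User-Agent string in the issue but
# shortened: the real one repeats "OWASMIME/4.0500" several hundred times.
SAMPLE_UA = (
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 "
    "Firefox/40.0 " + " ".join(["OWASMIME/4.0500"] * 4)
)

# Illustrative ReDoS-prone pattern (an assumption, not the library's regex).
# "(?:\S+\s*)+" nests two quantifiers whose matches overlap, so when the
# trailing "\([^)]*\)$" fails (the string does not end with a comment) the
# engine retries every way of splitting every token: 2^(n-1) ways for a token
# of n non-space characters, multiplied across all tokens.
VULNERABLE = re.compile(r"^(?:\S+\s*)+\([^)]*\)$")

# Hardened tokenizer: one alternative per token kind, no nested quantifiers,
# plus hard caps so the work is bounded regardless of the pattern.
TOKEN = re.compile(r"\(([^()]*)\)|(\S+)")
MAX_UA_LEN = 512
MAX_TOKENS = 64


def naive_parse(ua: str) -> bool:
    """Backtracking parse; hangs on long repetitive input that cannot match."""
    return VULNERABLE.match(ua) is not None


def safe_parse(ua: str) -> tuple[list[tuple[str, str]], list[str]]:
    """Return (products, comments) in bounded time, or reject the input."""
    if len(ua) > MAX_UA_LEN:
        raise ValueError("User-Agent longer than %d characters" % MAX_UA_LEN)
    products, comments = [], []
    for n, m in enumerate(TOKEN.finditer(ua)):
        if n >= MAX_TOKENS:
            raise ValueError("User-Agent has more than %d tokens" % MAX_TOKENS)
        if m.group(1) is not None:
            comments.append(m.group(1))           # "(Windows NT 10.0; ...)"
        else:
            name, _, version = m.group(2).partition("/")
            products.append((name, version))      # "Firefox/40.0"
    return products, comments


def _worker(conn, fn, arg):
    conn.send(fn(arg))
    conn.close()


def with_deadline(fn, arg, seconds: float):
    """Run fn(arg) in a child process and kill it if it exceeds the deadline.

    Returns ("ok", result), ("timeout", None) or ("error", None).
    """
    try:
        ctx = mp.get_context("fork")   # child inherits fn; nothing re-imported
    except ValueError:                 # Windows: fall back to the default method
        ctx = mp.get_context()
    parent, child = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(child, fn, arg), daemon=True)
    proc.start()
    child.close()  # so EOF on the pipe means the child died without answering
    try:
        if parent.poll(seconds):
            return "ok", parent.recv()
        return "timeout", None
    except EOFError:
        return "error", None
    finally:
        if proc.is_alive():
            proc.kill()                # SIGKILL: the regex engine will not stop on its own
        proc.join()
        parent.close()


if __name__ == "__main__":
    print(safe_parse(SAMPLE_UA))
    print(with_deadline(naive_parse, "Mozilla/5.0 (X11)", 1.0))
    print(with_deadline(naive_parse, SAMPLE_UA, 1.0))
```

The deadline wrapper is the reporter's workaround generalised: it protects against any slow path in the parser, but only at the cost of a process per parse and a wasted core for the full timeout on every hostile request, so the caps and the unambiguous pattern in `safe_parse` are the fix a library should ship, with the deadline kept as a safety net in the caller.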
