id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32778	Avoided unnecessary recompilation of token regex in _sanitize_token().	Abhyudai	Abhyudai	"I was looking into the source code of the middleware for some reason, and saw that the regular expression is compiled inside the module. I think compiling it at module level could potentially save some time as the function `_sanitize_token` is called twice inside the function `process_view` for the `CsrfMiddleware` class.

This is the intended patch.


{{{
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index f323ffb..deaf7d8 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -22,6 +22,8 @@ from django.utils.log import log_response
 
 logger = logging.getLogger('django.security.csrf')
 
+ASCII_ALPHANUMERIC_RE = re.compile('[^a-zA-Z0-9]')
+
 REASON_BAD_ORIGIN = ""Origin checking failed - %s does not match any trusted origins.""
 REASON_NO_REFERER = ""Referer checking failed - no Referer.""
 REASON_BAD_REFERER = ""Referer checking failed - %s does not match any trusted origins.""
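Review bot: the name `ASCII_ALPHANUMERIC_RE` on the added line reads as if the pattern matches ASCII alphanumerics, but `[^a-zA-Z0-9]` is a negated class that matches any character outside that set. A name that says what a hit means (for example `invalid_token_chars_re`, a suggested name only) would keep the later `.search(token)` check from being misread, and a leading underscore would mark it as private to the module in the same way as `_sanitize_token`.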
@@ -107,7 +109,7 @@ def rotate_token(request):
 
 def _sanitize_token(token):
     # Allow only ASCII alphanumerics
-    if re.search('[^a-zA-Z0-9]', token):
+    if ASCII_ALPHANUMERIC_RE.search(token):
         return _get_new_csrf_token()
     elif len(token) == CSRF_TOKEN_LENGTH:
         return token
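Review bot: on the changed `if` line the saving is smaller than it looks, because `re.search()` called with a string pattern already reuses a compiled pattern from the `re` module's internal cache, so the precompiled object only removes the per-call cache lookup. A `timeit` run of `_sanitize_token()` before and after the change would give a cleaner number than a full benchmark suite. The `elif len(token) == CSRF_TOKEN_LENGTH` branch is untouched, so the result for valid and invalid tokens stays the same.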
}}}

I'm not sure how exactly to profile this change. I tried using the [https://github.com/django/djangobench/ djangobench] package after some tinkering with its source code. Since it was reporting changes even on queries, I wasn't sure whether to trust it. Any leads on this front would be great.

I would be happy to make the change, if this seems reasonable."	Cleanup/optimization	closed	CSRF	3.2	Normal	fixed	middleware, csrf		Ready for checkin	1	0	0	0	1	0
