Opened 5 weeks ago
Last modified 5 weeks ago
#35675 new Cleanup/optimization
Reduce impact of parsing crafted templates with repeat tags
| Reported by: | Jake Howard | Owned by: | |
|---|---|---|---|
| Component: | Template system | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The template system uses a regex to extract template tags from text. Given certain inputs, this can take an excessive amount of time:
In [2]: %timeit Template("{%" * 2000) 34.7 ms ± 153 µs per loop (mean ± std. dev. of 7 runs, 10 loops each) In [3]: %timeit Template("{%" * 10000) 877 ms ± 1.49 ms per loop (mean ± std. dev. of 7 runs, 1 loop each) In [4]: %timeit Template("{%" * 20000) 3.49 s ± 47 ms per loop (mean ± std. dev. of 7 runs, 1 loop each) In [5]: %timeit Template("{%") 11.5 µs ± 55.3 ns per loop (mean ± std. dev. of 7 runs, 100,000 loops each)
The cause is excessive backtracking in the pattern used. Since the template system is so versatile and performance-critical, fixing the issue appears non-trivial.
Note: This bug was raised with the Security Team prior to opening, however was not deemed a security vulnerability since parsing untrusted (or semi-trusted) templates is explicitly warned against.
Change History (1)
comment:1 by , 5 weeks ago
| Triage Stage: | Unreviewed → Accepted |
|---|---|
| Type: | Bug → Cleanup/optimization |
| Version: | → dev |
Note:
See TracTickets
for help on using tickets.
Thank you Jake for taking the time to create this report. Accepting following the conversation within the Security Team.