Gracefully handling reDOS attacks

Recently my application was hit with a ReDos attack. Below is the User Agent string in question. When attempting to parse, the library hangs indefinitely. I was able to code around this issue by kicking off the parser in a background thread using an executor with a timeout. However, it would be awesome if the library itself handled this.

`Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500 OWASMIME/4.0500`


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Gracefully handling reDOS attacks #130

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Gracefully handling reDOS attacks #130

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions