Skip to content

fix: potential super-linear regular expressions#463

Merged
lumirlumir merged 1 commit intoeslint:mainfrom
ericcornelissen:patch-1
Jul 18, 2025
Merged

fix: potential super-linear regular expressions#463
lumirlumir merged 1 commit intoeslint:mainfrom
ericcornelissen:patch-1

Conversation

@ericcornelissen
Copy link
Copy Markdown
Contributor

@ericcornelissen ericcornelissen commented Jul 14, 2025

Prerequisites checklist

What is the purpose of this pull request?

Improve regular expressions in this repository that could match with unexpected overhead for certain inputs.

What changes did you make? (Give an overview)

I have improved 3 regular expressions that could match in super-linear runtime for certain inputs. In the order of the changed files, the following test vectors demonstrate the improved runtime:

  1. "# example" + " ".repeat(100_000) + "?#"
  2. "[".repeat(100_000) + "x"
  3. a. "<div>" + "<".repeat(100_000) + "x</div>" (for (?<!<))
    b. "<div><" + " ".repeat(100_000) + " x</div>" (for \s)

I found (using js-re-scan) four more candidate regular expressions with potential super-linear runtime. 1 for no-invalid-label-refs which appears to be a false positive because all input strings are safe after sliceing. The other three (in no-multiple-h1, no-reversed-media-syntax, require-alt-text) I was not able to confirm nor refute.

Related Issues

refs eslint/rewrite#240

Is there anything you'd like reviewers to focus on?

no

@lumirlumir lumirlumir requested a review from a team July 15, 2025 03:41
@fasttime fasttime added this to Triage Jul 15, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage Jul 15, 2025
@fasttime
Copy link
Copy Markdown
Member

fasttime commented Jul 15, 2025

Thanks for the pull request. Could you also add unit tests to show that the problems has been fixed? Each .js file under src/rules should have a matching .test.js file under tests/rules. You could simply use the snippets shown in the PR description to create new test cases.

@fasttime fasttime moved this from Needs Triage to Implementing in Triage Jul 15, 2025
@lumirlumir
Copy link
Copy Markdown
Member

lumirlumir commented Jul 15, 2025

Hi everyone :)

I'm not very familiar with this area, so I have a quick question about this PR. (This isn't a blocking comment—just asking out of curiosity.)

Is this PR related to a potential security issue?

We had a security concern recently that was resolved here: GHSA-7q7g-4xm8-89cq

Does this PR address the same issue I mentioned above?

@ericcornelissen
Copy link
Copy Markdown
Contributor Author

ericcornelissen commented Jul 15, 2025

@fasttime updated, though the 30s timeout in this project means bigger test vectors than eslint/rewrite#240 are required. Also, these large test vectors kinda clutter the test output for this project...

@lumirlumir please see GHSA-xffm-g5w8-qvg7.

@ericcornelissen ericcornelissen mentioned this pull request Jul 15, 2025
Closed
1 task
fasttime
fasttime reviewed Jul 16, 2025
View reviewed changes
fasttime
fasttime reviewed Jul 16, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@fasttime fasttime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't say if the 30 seconds timeout is still needed in this project. To avoid cluttering the output, an option is to run ESLint directly. The test could just check that no timeout occurs. For example:

import { Linter } from "eslint";

it("should not timeout for large inputs", () => {
	const linter = new Linter();
	linter.verify(`# example${" ".repeat(500_000)}?#`, {
		language: "markdown/commonmark",
		plugins: { markdown },
		rules: { "markdown/no-duplicate-headings": "error" },
	});
});

fasttime
fasttime reviewed Jul 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@fasttime fasttime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes to the regular expressions are looking good. I left a couple of suggestions about the tests.

@ericcornelissen
fix: potential super-linear regular expressions
8d5cf79 
Improve regular expressions that could match in super-linear runtime for
certain inputs.
fasttime
fasttime approved these changes Jul 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@fasttime fasttime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! I would like another review from a team member.

@fasttime fasttime moved this from Implementing to Second Review Needed in Triage Jul 17, 2025
@fasttime fasttime requested a review from a team July 17, 2025 16:50
lumirlumir
lumirlumir approved these changes Jul 18, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@lumirlumir lumirlumir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks!

@lumirlumir lumirlumir merged commit bc82567 into eslint:main Jul 18, 2025
23 checks passed
@github-project-automation github-project-automation bot moved this from Second Review Needed to Complete in Triage Jul 18, 2025
@github-actions github-actions bot mentioned this pull request Jul 17, 2025
Merged
@lumirlumir lumirlumir mentioned this pull request Jul 21, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fasttime fasttime fasttime approved these changes

@lumirlumir lumirlumir lumirlumir approved these changes

Assignees

No one assigned

Labels

accepted bug contributor pool

Projects

Triage
Status: Complete

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ericcornelissen @fasttime @lumirlumir