Set Global timeout for Regexp to prevent ReDOS

Merged Aboobacker MK requested to merge redos_protection into master
1 file
+ 4
0
  • b0e47988
    Ruby version 3.2 and above provides a global configuration to prevent
    ReDoS by setting a timeout. While we should still avoid writing vulnerable
    regular expressions, this will significantly reduce the attack surface.
    
    Changelog: security
# frozen_string_literal: true
# Timeout if Regular expression takes more than one seconds to compute
Regexp.timeout = 1.0 if RUBY_VERSION > "3.2"
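Review bot: the guard on the last line, `RUBY_VERSION > "3.2"`, is a lexicographic string comparison, not a version comparison: it is true for "3.2.0" only because of the trailing ".0", and it becomes false for "3.10.0" (the character "1" sorts before "2"), which would silently switch the timeout off on a future Ruby. A feature check is safer and needs no version parsing, e.g. `Regexp.timeout = 1.0 if Regexp.respond_to?(:timeout=)`; if a version check is preferred, use `Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.2")`. Two smaller points: the comment should say "one second" rather than "one seconds", and it would help to state that a match exceeding the limit raises `Regexp::TimeoutError`, so code on request-handling paths should expect that exception rather than a nil match.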