8998: Monkey patch URI.decode_www_form_component to validate efficiently.
author Peter Amstutz <peter.amstutz@curoverse.com>
Fri, 29 Apr 2016 13:11:15 +0000 (09:11 -0400)
committer Peter Amstutz <peter.amstutz@curoverse.com>
Mon, 2 May 2016 20:25:48 +0000 (16:25 -0400)
commit a829e7e14aa6380616337e0e7dda47c4f9f7022c
tree d79e9574f89035b29158faff610c1852ec8e1d5d
parent e1de889290360f6dd5b5fdeab10cea997bcc6962
8998: Monkey patch URI.decode_www_form_component to validate efficiently.

Rack uses the standard library method URI.decode_www_form_component to process
parameters.  This method first validates the string with a regular expression,
and then decodes it using another regular expression.  Ruby 2.1 and earlier have
a bug in the validation; the regular expression that is used generates many
backtracking points, which results in exponential memory growth when matching
large strings.  The fix is to monkey-patch the version of the method from Ruby
2.2 which checks that the string is not invalid instead of checking it is
valid.
services/api/config/initializers/fix_www_decode.rb [new file with mode: 0644]
services/api/test/helpers/time_block.rb
services/api/test/integration/collections_performance_test.rb
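
The validation change described in the commit message, as an added Ruby example that is not the commit's own code. The two regular expressions are assumed forms of "match the whole string as valid" and "search for an invalid escape", and the method names are hypothetical.

```ruby
# Added illustration. Patterns and method names are assumptions,
# not the contents of fix_www_decode.rb.

# Strategy 1: prove validity by matching the entire string end to end.
# The repeated group around %XX escapes is where the regex engine
# accumulates backtracking state on long input.
VALID_WHOLE = /\A[^%]*(?:%\h\h[^%]*)*\z/

# Strategy 2: search for the only thing that makes input invalid,
# a '%' that is not followed by two hex digits. One linear scan.
INVALID_ESCAPE = /%(?!\h\h)/

def valid_by_whole_match?(str)
  !!(VALID_WHOLE =~ str)
end

def valid_by_rejecting_invalid?(str)
  !(INVALID_ESCAPE =~ str)
end

# Decoder built on strategy 2 (hypothetical helper, not URI's implementation).
def decode_form_component(str, enc = Encoding::UTF_8)
  raise ArgumentError, "invalid %-encoding" unless valid_by_rejecting_invalid?(str)
  decoded = str.b.gsub(/\+|%\h\h/) do |m|
    m == "+" ? " " : m[1, 2].hex.chr # "+" is a space, "%41" is byte 0x41
  end
  decoded.force_encoding(enc)
end

# Constructed sample inputs: valid, empty, and several malformed escapes.
SAMPLES = [
  "a+b%20c", "caf%C3%A9", "", ("x" * 1000) + "%2F",
  "100%", "%zz", "%4", "ok%41%"
].freeze

# Both strategies must accept and reject exactly the same strings,
# otherwise swapping one for the other would change behaviour.
def strategies_agree?
  SAMPLES.all? { |s| valid_by_whole_match?(s) == valid_by_rejecting_invalid?(s) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    label = s.length > 20 ? "#{s[0, 17]}..." : s
    puts format("%-22s valid=%s", label.inspect, valid_by_rejecting_invalid?(s))
  end
  puts "strategies agree: #{strategies_agree?}"
end
```

A regression test for a patch of this kind can assert the same equivalence over its own corpus before timing large inputs.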