Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default QueryFilter has a very slow RegEx on certain inputs #1838

Closed
aukevanleeuwen opened this issue May 16, 2024 · 2 comments · Fixed by #1839
Closed

Default QueryFilter has a very slow RegEx on certain inputs #1838

aukevanleeuwen opened this issue May 16, 2024 · 2 comments · Fixed by #1839
Labels
Bug

Comments

@aukevanleeuwen
Copy link
Contributor

aukevanleeuwen commented May 16, 2024
edited
Loading

I was sending some requests with curl to an application that had logbook enabled and noticed quite terrible performance.

curl by default will send data with a Content-Type: application/x-www-form-urlencoded, by default this triggers a QueryFilter that will try to parse the content and look for client_secret and password in the body and obfuscate that.

In the end this will end up parsing the body with this Pattern:

logbook/logbook-core/src/main/java/org/zalando/logbook/core/QueryFilters.java

Line 60 in 8fa25bb

final Pattern pattern = compile("(?<name>[^&]*?)=(?<value>[^&]*)");

I debugged the regex (with PCRE, not Java but seems to have roughly the same performance) and the amount of steps is exponential with the body size. This matches my experience as well. Sending a 100K body took about 4s if I recall correctly, sending 1MB would take minutes.

Btw: it largely depends on the body. If your body actually has a lot of parameters, so lots of stuff separated by &, it's much less of a problem. If it has just a large text of some sort, it will blow up.

Description

Why I consider this a bug: I think there is no reason for a regex that will has O(n^2) complexity.

Expected Behavior

To be faster! :-D

Actual Behavior

It's slow.

Steps to Reproduce

  1. Have an application that you can send big request bodies to
  2. Send a request with a large body
  3. wait
aukevanleeuwen added a commit to aukevanleeuwen/logbook that referenced this issue May 16, 2024
@aukevanleeuwen
Improve performance of query filters (especially on large bodies)
fde0074 
Fixes: zalando#1838
@aukevanleeuwen aukevanleeuwen mentioned this issue May 16, 2024
Merged
6 tasks
@aukevanleeuwen
Copy link
Contributor Author

Here's my CPU struggling on doing RegEx stuff on large inputs:

image

@aukevanleeuwen
Copy link
Contributor Author

For future readers: this default behaviour can be disabled by setting logbook.filters.body.default-enabled to false.

aukevanleeuwen added a commit to aukevanleeuwen/logbook that referenced this issue May 27, 2024
@aukevanleeuwen
Improve performance of query filters (especially on large bodies)
678f2c8 
Fixes: zalando#1838
aukevanleeuwen added a commit to aukevanleeuwen/logbook that referenced this issue May 27, 2024
@aukevanleeuwen
Improve performance of query filters (especially on large bodies)
c2a2a29 
Fixes: zalando#1838
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve performance of query filters (especially on large bodies) aukevanleeuwen/logbook
1 participant
@aukevanleeuwen