Skip to content

[Fix] Re2j for code paths that process user regex #6336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Abhijoy-Mandal wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Fix] Re2j for code paths that process user regex #6336

Abhijoy-Mandal wants to merge 2 commits into from

Conversation

@Abhijoy-Mandal
Copy link
Contributor

@Abhijoy-Mandal Abhijoy-Mandal commented Dec 8, 2025

Description

Changes regex evaluator in data-prepper-expression and data-prepper-plugins (key-value-processor, mutate-event-processors, mutate-string-processors, obfuscate-processor, split-event-processor and translate-processor) to Re2J to prevent adversarial regex pattern attacks.

All other instances of regex still use default java regex library as they do not process user-input regex patterns.

Issues Resolved

Resolves #6279

Check List

  • [Y] New functionality includes testing.
  • [N/A] New functionality has a documentation issue. Please link to it in this PR.
    • [N/A] New functionality has javadoc added
  • [Y] Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@Abhijoy-Mandal
Re2j regex engine
4f30e05 
Signed-off-by: Abhijoy Mandal <abhijoym@amazon.com>
@Abhijoy-Mandal
Re2j support for plugins
e149a07 
Signed-off-by: Abhijoy Mandal <abhijoym@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sb2k16 sb2k16 Awaiting requested review from sb2k16 sb2k16 is a code owner

@chenqi0805 chenqi0805 Awaiting requested review from chenqi0805 chenqi0805 is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@san81 san81 Awaiting requested review from san81 san81 is a code owner

@srikanthjg srikanthjg Awaiting requested review from srikanthjg srikanthjg is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@kkondaka kkondaka Awaiting requested review from kkondaka kkondaka is a code owner

@KarstenSchnitter KarstenSchnitter Awaiting requested review from KarstenSchnitter KarstenSchnitter is a code owner

@dlvenable dlvenable Awaiting requested review from dlvenable dlvenable is a code owner

@oeyh oeyh Awaiting requested review from oeyh oeyh is a code owner

1 more reviewer

@Arvind-Maan Arvind-Maan Arvind-Maan approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Regex evaluators catastrophic backtracking

2 participants

@Abhijoy-Mandal @Arvind-Maan