Peter Matseykanets
dd259b4957
Make deepMatch report in linear time
...
The current implementation of the deepMatch() has the exponential runtime.
Given the long enough input and the pattern with multiple wildcards
it takes a while if ever to complete which can potentially be used
maliciously to cause a denial of service (cpu and memory consumption).
E.g. running this in the root of this repository
time yq eval '.jobs.publishDocker.steps.[] | select (.run == "****outputs")' .github/workflows/release.yml
gives on my laptop
25.11s user 0.06s system 99% cpu 25.182 total
Whereas the updated implementation gives
0.01s user 0.01s system 36% cpu 0.049 total
There are numerous similar CVEs reported for glob evaluation in
different shells/ftp-servers/libraries.
The replacement implementation with the linear runtime is shamelessly taken
verbatim from the briliant article by Russ Cox https://research.swtch.com/glob
2021-10-14 18:45:25 +11:00
Chris Kerr
2da2001651
Update README with recently added / changed options
...
In particular, remove reference to the deprecated `--tojson` option.
2021-10-14 18:40:58 +11:00
Mike Farah
d363963f98
Bump version
2021-10-11 14:50:17 +11:00
Mike Farah
ed4d888bfa
Speed up multiply
2021-10-11 14:46:46 +11:00
Mike Farah
79bc1f95cb
Slight performance improvement to context.ChildContext
2021-10-11 12:56:27 +11:00
Mike Farah
4a4aae00af
Sped up explode operator
2021-10-11 10:41:15 +11:00
Mike Farah
839f795710
Fixed select bug ( #958 )
2021-10-07 15:04:36 +11:00
Emmanuel Bourg
e87808683a
Skip the tests if the nocheck Debian build option is specified
2021-10-07 13:44:16 +11:00
Emmanuel Bourg
bec30e910f
Fix a typo in root.go
2021-10-07 13:43:57 +11:00
Mike Farah
b8aeb76f29
Bump version
2021-10-02 15:14:45 +10:00
Mike Farah
989b11764d
Updating to go 1.17 to fix CVE #944
2021-10-02 15:12:57 +10:00
Mike Farah
e052ff8025
New release with docker build fixes
2021-09-20 11:58:21 +10:00
Mike Farah
111c1a0e4a
Fixed docker timeout - simplify docker builds
2021-09-20 11:57:05 +10:00
Mike Farah
222bfd3d17
Bumping version
2021-09-20 10:40:27 +10:00
Mike Farah
4123669efe
Help text tweak
2021-09-20 09:57:41 +10:00
Mike Farah
7caefc8521
minor readme cleanup
2021-09-20 09:55:35 +10:00
Roberto Mier Escandon
91018683bf
Bump deb to version 4.13.0
2021-09-17 08:44:13 +10:00
Mike Farah
282d047dc2
Added STDIN example to the top
2021-09-17 08:38:10 +10:00
Mike Farah
b68e6adce9
Added STDIN example to the top
2021-09-17 08:37:28 +10:00
Mike Farah
43e40a6dda
Updating with documentation
2021-09-16 10:55:26 +10:00
Mike Farah
2292f0ffb4
Fixed with semicolon space issue
2021-09-15 22:24:03 +10:00
Mike Farah
3339562aa2
Bumping version
2021-09-15 15:19:19 +10:00
Mike Farah
2db8140d7f
Added contains operator
2021-09-15 15:18:10 +10:00
Mike Farah
5f154eb1b6
Update release notes
2021-09-12 21:59:57 +10:00
Mike Farah
084a0f6f1e
Merge branch 'subtract'
2021-09-12 21:59:07 +10:00
Mike Farah
457c977e61
Update release notes
2021-09-12 21:53:50 +10:00
Mike Farah
6002604251
Added with operator
2021-09-12 21:52:02 +10:00
Mike Farah
0c3334d838
Draft release notes
2021-09-12 17:01:11 +10:00
Mike Farah
b2ee131a4c
Updated var to work like jq #934
2021-09-12 16:55:55 +10:00
Mike Farah
1cfbbde796
Added missing closing bracket error check
2021-09-12 15:49:50 +10:00
YABATANIEN, Murichaduke
25ba763b08
supports multiline output
2021-09-12 13:09:54 +10:00
Mike Farah
13c42db238
Adding subtraction support for arrays
2021-09-07 16:58:34 +10:00
Mike Farah
6ba8dc75a6
Bumping version
2021-09-05 11:11:51 +10:00
Mike Farah
3543a2dbdc
Fixed union infinite loop #930
2021-09-05 11:07:40 +10:00
Mike Farah
8941573c1a
Fixing alternative op bug #930
2021-09-02 15:36:23 +10:00
Mike Farah
eea2c97cd8
Can process hex numbers
2021-09-02 15:26:44 +10:00
Mike Farah
f848e334ee
Clarifying readme
2021-08-27 12:30:22 +10:00
Mike Farah
b72d225092
Bumping version
2021-08-27 09:33:57 +10:00
Mike Farah
cb95ab1494
Fixed merge comment issue #919
2021-08-26 16:31:26 +10:00
Mike Farah
063d40de25
Fixing pipeline
2021-08-25 10:09:44 +10:00
Mike Farah
fe12407c93
Bumping version
2021-08-20 16:03:59 +10:00
Mike Farah
d18aa3e9e0
Added shorthand output formats
2021-08-20 15:46:33 +10:00
Mike Farah
10d4eb3381
Updated to use -o for output format
2021-08-20 13:35:57 +10:00
Mike Farah
043e9128d7
Pretty Print tests
2021-08-20 12:23:35 +10:00
Mike Farah
43f47c4ed9
wip - pretty print 1.1 compat mode
2021-08-20 12:23:35 +10:00
Mike Farah
4ba96d902b
Fixed document header/footer comment handling when merging
2021-08-17 09:54:12 +10:00
Mike Farah
d2e89f7c72
Updated README to include instructions on docker
2021-08-15 21:22:39 +10:00
Mike Farah
9de0d0aae1
Adding string readme
2021-08-01 18:47:04 +10:00
Mike Farah
669f6cf127
Added properties encoder test
2021-07-27 21:51:27 +10:00
Mike Farah
8c1a96d121
Properties encoder wip
2021-07-25 18:08:33 +10:00