suyiiyii
/
yq
mirror of https://github.com/mikefarah/yq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
yq/pkg/yqlib
History
Peter Matseykanets dd259b4957 Make deepMatch report in linear time 
The current implementation of the deepMatch() has the exponential runtime.
Given the long enough input and the pattern with multiple wildcards
it takes a while if ever to complete which can potentially be used
maliciously to cause a denial of service (cpu and memory consumption).

E.g. running this in the root of this repository
time yq eval '.jobs.publishDocker.steps.[] | select (.run == "****outputs")' .github/workflows/release.yml
gives on my laptop
25.11s user 0.06s system 99% cpu 25.182 total

Whereas the updated implementation gives
0.01s user 0.01s system 36% cpu 0.049 total

There are numerous similar CVEs reported for glob evaluation in
different shells/ftp-servers/libraries.

The replacement implementation with the linear runtime is shamelessly taken
verbatim from the briliant article by Russ Cox https://research.swtch.com/glob
 		2021-10-14 18:45:25 +11:00
..
doc Speed up multiply 2021-10-11 14:46:46 +11:00
all_at_once_evaluator.go Fixed merge comment issue #919 2021-08-26 16:31:26 +10:00
all_at_once_evaluator_test.go Moved eval function to eval interface 2021-02-11 10:58:40 +11:00
candidate_node.go Fixes delete issue #793 2021-04-25 12:05:56 +10:00
color_print.go Cleaning up exposed public api 2021-02-11 10:58:40 +11:00
context.go Slight performance improvement to context.ChildContext 2021-10-11 12:56:27 +11:00
data_tree_navigator.go Pass context through operators 2021-02-11 10:58:40 +11:00
encoder.go Don't escape HTML chars when converting to json 2021-02-11 10:58:40 +11:00
encoder_properties.go Added properties encoder test 2021-07-27 21:51:27 +10:00
encoder_properties_test.go Added properties encoder test 2021-07-27 21:51:27 +10:00
encoder_test.go Don't escape HTML chars when converting to json 2021-02-11 10:58:40 +11:00
expression_parser.go Improved lexer performance! 2021-02-25 16:47:55 +11:00
expression_parser_test.go Added missing closing bracket error check 2021-09-12 15:49:50 +10:00
expression_postfix.go Added missing closing bracket error check 2021-09-12 15:49:50 +10:00
expression_processing_test.go Fixed with semicolon space issue 2021-09-15 22:24:03 +10:00
expression_tokeniser.go Speed up multiply 2021-10-11 14:46:46 +11:00
file_utils.go Added front-matter handler 2021-07-18 12:28:46 +10:00
front_matter.go More efficient front matter processor 2021-07-20 10:38:42 +10:00
front_matter_test.go More efficient front matter processor 2021-07-20 10:38:42 +10:00
lib.go Added contains operator 2021-09-15 15:18:10 +10:00
matchKeyString.go Make deepMatch report in linear time 2021-10-14 18:45:25 +11:00
matchKeyString_test.go Make deepMatch report in linear time 2021-10-14 18:45:25 +11:00
operator_add.go Can process hex numbers 2021-09-02 15:26:44 +10:00
operator_add_test.go Update append array docs 2021-07-07 15:36:43 +10:00
operator_alternative.go Fixing alternative op bug #930 2021-09-02 15:36:23 +10:00
operator_alternative_test.go Fixing alternative op bug #930 2021-09-02 15:36:23 +10:00
operator_anchors_aliases.go Sped up explode operator 2021-10-11 10:41:15 +11:00
operator_anchors_aliases_test.go (wip) regex match op 2021-07-09 14:58:31 +10:00
operator_assign.go Fixes #870 2021-07-07 19:22:55 +10:00
operator_assign_test.go Added another |= example 2021-07-07 19:53:33 +10:00
operator_booleans.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:17:13 +10:00
operator_booleans_test.go Added more tests 2021-06-10 09:53:50 +10:00
operator_collect.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_collect_object.go Updated var to work like jq #934 2021-09-12 16:55:55 +10:00
operator_collect_object_test.go Fixes update-assign with collect object issue #830 2021-05-22 08:22:45 +10:00
operator_collect_test.go Fixes update-assign with collect object issue #830 2021-05-22 08:22:45 +10:00
operator_comments.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:17:13 +10:00
operator_comments_test.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:17:13 +10:00
operator_contains.go Added contains operator 2021-09-15 15:18:10 +10:00
operator_contains_test.go Added contains operator 2021-09-15 15:18:10 +10:00
operator_create_map.go Fixed alternative operator when LHS has empty matches 2021-04-13 10:53:46 +10:00
operator_create_map_test.go Fixed empty array op 2020-11-22 13:50:32 +11:00
operator_delete.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:17:13 +10:00
operator_delete_test.go Fixes delete issue #793 2021-04-25 12:05:56 +10:00
operator_document_index.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_document_index_test.go Added shorthand document index selection 2021-02-11 10:58:40 +11:00
operator_entries.go Fixed null issue with entry operators 2021-05-10 10:42:43 +10:00
operator_entries_test.go Fixing entries test 2021-06-08 21:50:14 +10:00
operator_env.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_env_test.go Env Ops! 2021-02-11 10:58:40 +11:00
operator_equals.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:36:13 +10:00
operator_equals_test.go Fixed issue on creating objects using [] 2021-06-11 14:27:44 +10:00
operator_file.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_file_test.go Added context variable for reduce 2021-02-15 17:31:12 +11:00
operator_has.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:17:13 +10:00
operator_has_test.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:00:30 +10:00
operator_keys.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_keys_test.go Added keys operator 2021-02-11 10:58:40 +11:00
operator_length.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_length_test.go Fixed length of null to be zero 2021-02-11 10:58:40 +11:00
operator_multiply.go Speed up multiply 2021-10-11 14:46:46 +11:00
operator_multiply_test.go Speed up multiply 2021-10-11 14:46:46 +11:00
operator_path.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_path_test.go Fixed nested array splat path 2020-12-25 12:49:05 +11:00
operator_pipe.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_pipe_test.go Added pipe and length docs, fix pipe precedence 2020-12-01 17:58:07 +11:00
operator_recursive_descent.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_recursive_descent_test.go Fixed creation of candidateNode in operators to include file metadata 2021-02-11 10:58:40 +11:00
operator_reduce.go nicer reduce example 2021-02-15 18:23:50 +11:00
operator_reduce_test.go nicer reduce example 2021-02-15 18:23:50 +11:00
operator_select.go Fixed select bug (#958) 2021-10-07 15:04:36 +11:00
operator_select_test.go Fixed select bug (#958) 2021-10-07 15:04:36 +11:00
operator_self.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_sort_keys.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:00:30 +10:00
operator_sort_keys_test.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:00:30 +10:00
operator_split_document.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_split_document_test.go Split doc operator 2021-02-11 10:58:40 +11:00
operator_strings.go Added capture regex operator 2021-07-11 11:08:18 +10:00
operator_strings_test.go Improving reg ex doc 2021-07-16 10:18:25 +10:00
operator_style.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 15:02:31 +10:00
operator_style_test.go Added with operator 2021-09-12 21:52:02 +10:00
operator_subtract.go Adding subtraction support for arrays 2021-09-07 16:58:34 +10:00
operator_subtract_test.go Adding subtraction support for arrays 2021-09-07 16:58:34 +10:00
operator_tag.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 15:02:31 +10:00
operator_tag_test.go Fixed tag operator for top level node 2021-02-11 10:58:40 +11:00
operator_traverse_path.go Fixed issue on creating objects using [] 2021-06-11 14:27:44 +10:00
operator_traverse_path_test.go Fixed newline issue https://github.com/mikefarah/yq/issues/855 2021-06-12 08:26:27 +10:00
operator_union.go Fixed union infinite loop #930 2021-09-05 11:07:40 +10:00
operator_union_test.go Fixed union infinite loop #930 2021-09-05 11:07:40 +10:00
operator_unique.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:00:30 +10:00
operator_unique_test.go Fixing readonly ops not to modify context when paths dont exist 2021-05-16 14:00:30 +10:00
operator_value.go Pass context through operators 2021-02-11 10:58:40 +11:00
operator_value_test.go Can process hex numbers 2021-09-02 15:26:44 +10:00
operator_variables.go Updated var to work like jq #934 2021-09-12 16:55:55 +10:00
operator_variables_test.go Added with operator 2021-09-12 21:52:02 +10:00
operator_with.go Added with operator 2021-09-12 21:52:02 +10:00
operator_with_test.go Updating with documentation 2021-09-16 10:55:26 +10:00
operators.go Extract out compound assign logic, use it add and subtract ops 2021-07-07 20:00:46 +10:00
operators_test.go Properties encoder wip 2021-07-25 18:08:33 +10:00
printer.go Added shorthand output formats 2021-08-20 15:46:33 +10:00
printer_test.go Properties encoder wip 2021-07-25 18:08:33 +10:00
stream_evaluator.go Better way of processing leading content 2021-07-20 10:19:55 +10:00
utils.go Better way of processing leading content 2021-07-20 10:19:55 +10:00
write_in_place_handler.go Added front-matter handler 2021-07-18 12:28:46 +10:00