New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

`crowdsecurity/thinkphp-cve-2018-20062` is very slow as it doesn't use RegexpInFile (and I'm not even sure it deserves to be a regexp) #910

Open

buixor opened this issue Jan 10, 2024 · 0 comments

Contributor

buixor commented Jan 10, 2024

While benching unrelated issues for crowdsecurity/crowdsec#2669 we discovered that the thinkphp scenario, because it's old, does:

evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("thinkphp_cve_2018-20062.txt"), {Upper(evt.Meta.http_path) matches Upper(#)})

Because of how expr works, the regexps get compiled every time the expression is evaluated.

From a quick bench, it can lead to >25% overall speed increase when processing HTTP logs.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment