
GROOVY-12122: Provide a Regex timeout facility #2668

Open
paulk-asert wants to merge 1 commit into apache:master from paulk-asert:groovy12122

@paulk-asert

Contributor

No description provided.

Copilot AI left a comment

Contributor


Pull request overview

This PR (GROOVY-12122) introduces an opt-in regex timeout facility to help mitigate catastrophic backtracking (ReDoS) by adding a runtime guard and a compile-time AST transform that rewrites Groovy’s regex operators within an annotated scope.

Changes:

  • Added groovy.util.regex.RegexGuard + RegexTimeoutException to enforce evaluation deadlines via a guarded CharSequence.
  • Added @groovy.transform.SafeRegex and SafeRegexASTTransformation to rewrite ==~ / =~ usages in annotated classes/methods/constructors into RegexGuard calls.
  • Added tests covering runtime guard behavior and AST transform rewriting, including timeout and semantic-compatibility cases.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/main/java/groovy/util/regex/RegexGuard.java | Implements deadline-guarded regex matching/matcher creation and guarded CharSequence. |
| src/main/java/groovy/util/regex/RegexTimeoutException.java | Introduces the unchecked exception signifying a timeout during guarded evaluation. |
| src/main/java/groovy/transform/SafeRegex.java | Adds the @SafeRegex annotation that enables guarded regex operator rewriting in scope. |
| src/main/java/org/codehaus/groovy/transform/SafeRegexASTTransformation.java | AST transform that rewrites regex operators to RegexGuard calls using the configured timeout. |
| src/test/groovy/groovy/util/regex/RegexGuardTest.groovy | Tests runtime guard behavior (matches, matcher, guard, validation, and timeout behavior). |
| src/test/groovy/org/codehaus/groovy/transform/SafeRegexTransformTest.groovy | Tests AST rewrite coverage and preserves expected operator semantics within annotated scope. |

Comment thread src/main/java/groovy/util/regex/RegexGuard.java
Comment thread src/main/java/groovy/util/regex/RegexGuard.java
Comment thread src/main/java/groovy/util/regex/RegexGuard.java
@codecov-commenter

codecov-commenter commented Jul 5, 2026


Codecov Report

❌ Patch coverage is 82.35294% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.5741%. Comparing base (faee99b) to head (b43a2a6).
⚠️ Report is 6 commits behind head on master.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...s/groovy/transform/SafeRegexASTTransformation.java | 77.7778% | 2 Missing and 6 partials ⚠️ |
| src/main/java/groovy/util/regex/RegexGuard.java | 86.6667% | 1 Missing and 3 partials ⚠️ |

Additional details and impacted files

@@                Coverage Diff                 @@
##               master      #2668        +/-   ##
==================================================
+ Coverage     68.5706%   68.5741%   +0.0035%     
- Complexity      33808      33842        +34     
==================================================
  Files            1524       1527         +3     
  Lines          128141     128238        +97     
  Branches        23292      23306        +14     
==================================================
+ Hits            87867      87938        +71     
- Misses          32472      32492        +20     
- Partials         7802       7808         +6     

| Files with missing lines | Coverage Δ |
| --- | --- |
| .../java/groovy/util/regex/RegexTimeoutException.java | 100.0000% <100.0000%> (ø) |
| src/main/java/groovy/util/regex/RegexGuard.java | 86.6667% <86.6667%> (ø) |
| ...s/groovy/transform/SafeRegexASTTransformation.java | 77.7778% <77.7778%> (ø) |

... and 46 files with indirect coverage changes

@testlens-app

testlens-app Bot commented Jul 5, 2026


✅ All tests passed ✅

🏷️ Commit: b43a2a6
▶️ Tests: 30783 executed
⚪️ Checks: 31/31 completed



3 participants