Inefficient regular expression

[sebix]

Found by CodeQL:

intelmq/intelmq/bots/parsers/sucuri/parser.py

Line 25 in 6991597

remove_comments = re.compile(r"<!--(.|\s|\n)*?-->")

This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '\n'.

Some regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length n is proportional to nk or even 2n. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service ("DoS") attack by crafting an expensive input string for the regular expression to match.

Tracking issue for:

• https://github.com/certtools/intelmq/security/code-scanning/3

[monoidic]

Would this work?

remove_comments = re.compile(r"<!--.*?-->", re.DOTALL)

[sebix]

Maybe even "<!--([^\s\n]|\s|\n)*?-->" works by preventing the ambiguity of the first and the other alternative matches, but the re.DOTALL approach definitely is smarter :)