Description
Summary
The regular expression used in getCodeLocation may run slowly on strings starting with '(' and with many repetitions of '(('. So, we need to prevent this behaviour by modifying the regular expression.
Why is this needed?
Some regular expressions take a long time to match certain input strings, to the point where the time it takes to match a string of length n is proportional to n^k or even 2^n. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service ("DoS") attack by crafting an expensive input string for the regular expression to match.
Which area does this relate to?
Logger
Solution
Updating the regular expression (adding an additional `(` to the negated character class in the first capture group) as follows might prevent such catastrophic backtracking:
From:
const regex = /\(([^)]*?):(\d+?):(\d+?)\)\\?$/;
To:
const regex = /\(([^()]*?):(\d+?):(\d+?)\)\\?$/;
Acknowledgment
- This request meets Powertools for AWS Lambda (TypeScript) Tenets
- Should this be considered in other Powertools for AWS Lambda languages? i.e. Python, Java, and .NET
Future readers
Please react with 👍 and your use case to help us understand customer demand.
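The following TypeScript is an added example, not code from this issue or from the Powertools project: it runs the two regular expressions quoted above side by side, first on an ordinary stack-frame line to show that both still extract the same file, line and column, then on the pathological input the issue describes (a string starting with '(' followed by many repetitions of '((') to show the difference in matching time. The `parseCodeLocation` helper, the sample frame text and the `pathologicalInput` builder are constructed here for the demonstration and are not the project's own getCodeLocation.

```typescript
// Added example: compare the original and hardened regular expressions from
// the issue. Neither regex is anchored at the start, so the engine retries
// the match at every '(' in the input. The original's [^)]*? can swallow
// unbounded runs of '(' before failing at each start position, which is
// what makes a long run of '((' expensive; the hardened [^()]*? fails as
// soon as it sees the next '('.
const originalRegex = /\(([^)]*?):(\d+?):(\d+?)\)\\?$/;
const hardenedRegex = /\(([^()]*?):(\d+?):(\d+?)\)\\?$/;

type CodeLocation = { file: string; line: number; column: number };

// Hypothetical helper (not the project's getCodeLocation): pull
// (file, line, column) out of a frame that ends in "(file:line:col)".
function parseCodeLocation(frame: string, regex: RegExp): CodeLocation | undefined {
  const match = regex.exec(frame);
  if (match === null) return undefined;
  return { file: match[1], line: Number(match[2]), column: Number(match[3]) };
}

// Constructed attacker-style input: starts with '(' and repeats '((' `pairs`
// times with no closing ')' and no ':' so the match can never succeed.
function pathologicalInput(pairs: number): string {
  return '(' + '(('.repeat(pairs);
}

// Wall-clock time (ms) for a regex to reject the given input.
function timeReject(regex: RegExp, input: string): number {
  const start = Date.now();
  regex.test(input);
  return Date.now() - start;
}

// Ordinary frame constructed for the demo; both regexes must agree on it.
const sampleFrame = '    at handler (/var/task/index.js:42:17)';

console.log('original :', parseCodeLocation(sampleFrame, originalRegex));
console.log('hardened :', parseCodeLocation(sampleFrame, hardenedRegex));

// Doubling the input should roughly quadruple the original's time while the
// hardened regex stays flat. Sizes are kept modest so the demo finishes quickly.
for (const pairs of [1000, 2000, 4000]) {
  const input = pathologicalInput(pairs);
  console.log(
    `length=${input.length}`,
    `original=${timeReject(originalRegex, input)}ms`,
    `hardened=${timeReject(hardenedRegex, input)}ms`
  );
}
```

Run it with `npx ts-node` or compile with `tsc` and run under Node; the timing numbers vary by machine, but the ratio between the two columns grows with input length for the original regex only, while the parsed locations for the ordinary frame are identical.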