Parsing an unclosed string can take a very long time (likely exponential in the length of the string)
giuli007 opened this issue
giuli007 commented
I have found that using `hcl2.loads` on a string that contains a variable that is assigned to a string that is missing the closing double quote `"` can take a long time before erroring with `lark.exceptions.UnexpectedCharacters: No terminal defined for '"' at line 1 col 14`

e.g. a simple snippet like

`a_variable = "0123456789abcdef`

takes 37s on my pretty big-sized machine.

I've tested this with python-hcl2==2.0.0 and the latest python-hcl2==3.0.1

The following script shows how long it takes before the library throws an exception with invalid strings of increasing length.
```python
import time

import hcl2


def test(s):
    # Build an assignment whose string value has no closing double quote.
    code = 'a_variable = "{}'.format(s)
    try:
        hcl2.loads(code)
    except Exception:
        # The parse error is expected; only the time taken to reach it matters.
        pass


for s in ['0123456789ab', '0123456789abc', '0123456789abcd', '0123456789abcde', '0123456789abcdef']:
    start = time.time()
    test(s)
    print('{:<16} of length {} took {}'.format(s, len(s), time.time() - start))

# outputs:
# 0123456789ab     of length 12 took 0.46656274795532227
# 0123456789abc    of length 13 took 1.3698146343231201
# 0123456789abcd   of length 14 took 4.1063151359558105
# 0123456789abcde  of length 15 took 12.480230569839478
# 0123456789abcdef of length 16 took 37.197903871536255
```
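A caller that feeds untrusted HCL to `hcl2.loads` can bound the cost reported above by parsing in a child process with a wall-clock deadline. This is an added example, not part of the original report or of python-hcl2; `parse_with_deadline`, `ParseTimeout` and the 2-second default are hypothetical names and values, and it assumes a POSIX host where the `fork` start method is available.

```python
import multiprocessing as mp


class ParseTimeout(Exception):
    """Raised when the parser did not finish within the deadline."""


def _worker(conn, parser, text):
    # Runs in the child: send back either the parsed result or the error text.
    try:
        conn.send(("ok", parser(text)))
    except Exception as exc:  # e.g. lark's UnexpectedCharacters
        conn.send(("error", "{}: {}".format(type(exc).__name__, exc)))
    finally:
        conn.close()


def parse_with_deadline(text, seconds=2.0, parser=None):
    """Parse `text` in a child process and kill it after `seconds`."""
    if parser is None:
        import hcl2  # the library from the report
        parser = hcl2.loads
    ctx = mp.get_context("fork")  # assumption: POSIX host
    reader, writer = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(writer, parser, text))
    proc.start()
    writer.close()  # parent keeps only the read end
    try:
        if not reader.poll(seconds):
            raise ParseTimeout("parser exceeded {}s".format(seconds))
        status, payload = reader.recv()
    except EOFError:
        raise ValueError("parser process exited without a result")
    finally:
        if proc.is_alive():
            proc.kill()  # a CPU-bound parse cannot be cancelled politely
        proc.join()
        reader.close()
    if status == "error":
        raise ValueError(payload)
    return payload


if __name__ == "__main__":
    # The unclosed-string input from the report (requires python-hcl2).
    try:
        print(parse_with_deadline('a_variable = "0123456789abcdef'))
    except (ParseTimeout, ValueError) as exc:
        print("rejected:", exc)
```

A thread-based timeout would not help here, because a pure-Python parse that is busy backtracking cannot be interrupted from another thread; killing the child process is what actually frees the CPU.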