)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28522,"name":"Hervé Beraud","email":"herveberaud.pro@gmail.com","username":"hberaud"},"change_message_id":"a8497539cc72bafcac65ce0874f1d6dead386c25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f7b8b14f_8bc97d6b","updated":"2024-02-12 15:42:53.000000000","message":"I did not yet +W to let you know about my inline comment.","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b14b9b0d47b9857124745a7de7a93fd43e05806d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"856d9217_c4493e86","updated":"2024-02-13 05:27:01.000000000","message":"recheck unrelated failure","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"6a2a6851c3eccbf68564814d0d234dce4adb7dc9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"ad812731_d3a28ca1","updated":"2024-02-13 02:23:04.000000000","message":"recheck unrelated failures","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"e3d588de2f04a463f6c79d306c091eab9bff1e27","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"b9394386_8d227ae7","updated":"2024-02-06 10:10:52.000000000","message":"should probably add some testing for this, but otherwise lgtm","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"}],"tooz/drivers/redis.py":[{"author":{"_account_id":28522,"name":"Hervé Beraud","email":"herveberaud.pro@gmail.com","username":"hberaud"},"change_message_id":"a8497539cc72bafcac65ce0874f1d6dead386c25","unresolved":true,"context_lines":[{"line_number":422,"context_line":"    @classmethod"},{"line_number":423,"context_line":"    def _parse_sentinel(cls, sentinel):"},{"line_number":424,"context_line":"        # IPv6 (eg. [::1]:6379 )"},{"line_number":425,"context_line":"        match \u003d re.search(r\u0027\\[(\\S+)\\]:(\\d+)\u0027, sentinel)"},{"line_number":426,"context_line":"        if match:"},{"line_number":427,"context_line":"            return (match[1], int(match[2]))"},{"line_number":428,"context_line":"        # IPv4 or hostname (eg. 127.0.0.1:6379 or localhost:6379)"}],"source_content_type":"text/x-python","patch_set":4,"id":"0664a4b9_da05e7db","line":425,"range":{"start_line":425,"start_character":28,"end_line":425,"end_character":43},"updated":"2024-02-12 15:42:53.000000000","message":"Same remark that the one I made on oslo.cache side (https://review.opendev.org/c/openstack/oslo.cache/+/907336/21).\n\nThis regex, and the following one, are vulnerable to ReDoS (https://en.wikipedia.org/wiki/ReDoS)\n\nYou can check them here https://devina.io/redos-checker\n\nHowever, in the current context, I don\u0027t think that that\u0027s really an issue.\nIndeed, these checks are launch at startup so, IMO, it is unlikely that a ReDoS attack can be triggered by using this vector.\n\nIf these regex would be used on input validation each time users send something, that would be a security issue.","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b9a83222ddb16f6bd53167f83183468859ffc11a","unresolved":true,"context_lines":[{"line_number":422,"context_line":"    @classmethod"},{"line_number":423,"context_line":"    def _parse_sentinel(cls, sentinel):"},{"line_number":424,"context_line":"        # IPv6 (eg. [::1]:6379 )"},{"line_number":425,"context_line":"        match \u003d re.search(r\u0027\\[(\\S+)\\]:(\\d+)\u0027, sentinel)"},{"line_number":426,"context_line":"        if match:"},{"line_number":427,"context_line":"            return (match[1], int(match[2]))"},{"line_number":428,"context_line":"        # IPv4 or hostname (eg. 127.0.0.1:6379 or localhost:6379)"}],"source_content_type":"text/x-python","patch_set":4,"id":"4ba659e7_c66c9ed3","line":425,"range":{"start_line":425,"start_character":28,"end_line":425,"end_character":43},"in_reply_to":"0664a4b9_da05e7db","updated":"2024-02-13 00:34:52.000000000","message":"This is used to parse a config value and is not exposed to user input. so I think we don\u0027t expect the said risk.","commit_id":"2c0d37c2e58456ccaa5660f82f708166e21b2502"}]}
