Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.16] [Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388) #200095

Merged
merged 1 commit into from
Nov 13, 2024

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.16:

Questions ?

Please refer to the Backport tool documentation

…e `upgrade/_review` endpoint (elastic#199388)

**Fixes elastic#199290

## Summary

The current multi-line string algorithm uses a very inefficient regex to
split and analyze string fields, and exponentially increases in time
complexity when the strings are long. This PR substitutes a much simpler
comparison regex for far better efficiency as shown in the table below.

### Performance between different regex options using sample prebuilt
rule setup guide string

| | `/(\S+\|\s+)/g` (original) | `/(\s+)/g` | `/(\n)/g` |
`/(\r\n\|\n\|\r)/g` |

|-----------------------|---------------|----------|---------|-------------------|
| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |
| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |
| FTR test with 5 rules | `11.6s`        | `6.8s`    | `6.1s`   |  |

### Performance between different regex options using intentionally long
strings (25k characters)

|                      | `/(\S+\|\s+)/g`       | `/(\r\n\|\n\|\r)/g` |
|----------------------|-----------------------|---------------------|
| Unit test speed      | `1049414ms` (17 min)  | `58ms`              |
| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s`             |

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Georgii Gorbachev <[email protected]>
(cherry picked from commit 4f6d357)
@kibanamachine kibanamachine merged commit bc4427b into elastic:8.16 Nov 13, 2024
40 checks passed
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @dplumlee

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants