Regex matcher (proto)

.xds.type.matcher.v3.RegexMatcher

[.xds.type.matcher.v3.RegexMatcher proto]

A regex matcher designed for safety when used with untrusted input.

{
  "google_re2": {...},
  "regex": ...
}

google_re2

(.xds.type.matcher.v3.RegexMatcher.GoogleRE2, REQUIRED) Google’s RE2 regex engine.

regex

(string, REQUIRED) The regex match string. The string must be supported by the configured engine.

.xds.type.matcher.v3.RegexMatcher.GoogleRE2

[.xds.type.matcher.v3.RegexMatcher.GoogleRE2 proto]

Google’s RE2 regex engine. The regex string must adhere to the documented syntax. The engine is designed to complete execution in linear time as well as limit the amount of memory used.

Envoy supports program size checking via runtime. The runtime keys re2.max_program_size.error_level and re2.max_program_size.warn_level can each be set to an integer giving the maximum program size (complexity) that a compiled regex can have before an exception is thrown or a warning is logged, respectively. re2.max_program_size.error_level defaults to 100. re2.max_program_size.warn_level has no default: if it is unset, no check is made and no warning is logged.

Envoy emits two stats for tracking the program size of regexes: the histogram re2.program_size, which records the program size, and the counter re2.exceeded_warn_level, which is incremented each time the program size exceeds the warn level threshold.
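
The following configuration is an added example, not part of the original reference. It sets both runtime keys through a static runtime layer in the Envoy bootstrap (the `layered_runtime` field is not described on this page) and shows a matcher that is subject to them. The layer name, the threshold values and the pattern are constructed for illustration.

```yaml
# Envoy bootstrap fragment (added example, not from the reference page).
# The layer name and both threshold values are constructed.
layered_runtime:
  layers:
  - name: regex_limits            # hypothetical layer name
    static_layer:
      re2:
        max_program_size:
          # A compiled regex with a program size above this value causes
          # an exception to be thrown. 100 is the documented default,
          # written out here so the limit is explicit in config review.
          error_level: 100
          # A compiled regex with a program size above this value logs a
          # warning and increments the re2.exceeded_warn_level counter.
          # Leaving this key unset disables the warning check entirely.
          warn_level: 50
---
# A RegexMatcher that is checked against the limits above.
# The pattern is a constructed sample.
google_re2: {}
regex: "^/api/v[0-9]+/items/[0-9]+$"
```

Setting warn_level below error_level makes patterns that are approaching the hard limit show up in logs and in re2.exceeded_warn_level before any of them reaches the point where an exception is thrown.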