From b5d87c67b368610fd5c95d1740725578bec74249 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Thu, 11 May 2023 09:40:02 +0200
Subject: [PATCH] fix(regex): limit regex manager iterations to 10k to avoid
 OoM (#22084)

---
 lib/modules/manager/regex/utils.spec.ts | 14 ++++++++++++++
 lib/modules/manager/regex/utils.ts      |  8 +++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 lib/modules/manager/regex/utils.spec.ts

diff --git a/lib/modules/manager/regex/utils.spec.ts b/lib/modules/manager/regex/utils.spec.ts
new file mode 100644
index 00000000000000..8e40e3a5ff69db
--- /dev/null
+++ b/lib/modules/manager/regex/utils.spec.ts
@@ -0,0 +1,14 @@
+import { regEx } from '../../../util/regex';
+import * as utils from './utils';
+
+describe('modules/manager/regex/utils', () => {
+  it('does not crash for lazy regex', () => {
+    const lazyMatch = regEx('(?<currentDigest>.*?)', 'g');
+    expect(
+      utils.regexMatchAll(
+        lazyMatch,
+        '1f699d2bfc99bbbe4c1ed5bb8fc21e6911d69c6e\n'
+      )
+    ).toBeArray();
+  });
+});
diff --git a/lib/modules/manager/regex/utils.ts b/lib/modules/manager/regex/utils.ts
index 8f9a2743fcd219..ca5470b9f0d37f 100644
--- a/lib/modules/manager/regex/utils.ts
+++ b/lib/modules/manager/regex/utils.ts
@@ -85,12 +85,18 @@ export function regexMatchAll(
 ): RegExpMatchArray[] {
   const matches: RegExpMatchArray[] = [];
   let matchResult: RegExpMatchArray | null;
+  let iterations = 0;
+  const maxIterations = 10000;
   do {
     matchResult = regex.exec(content);
     if (matchResult) {
       matches.push(matchResult);
     }
-  } while (matchResult);
+    iterations += 1;
+  } while (matchResult && iterations < maxIterations);
+  if (iterations === maxIterations) {
+    logger.warn('Max iterations reached for matchStrings');
+  }
   return matches;
 }