From fcdd5fd6b05ef537a1db185ab115758d87e1ba3f Mon Sep 17 00:00:00 2001
From: Tuchuanhuhuhu
Date: Wed, 18 Sep 2024 11:31:31 +0800
Subject: [PATCH] bugfix: Added timeout to mitigate ReDoS issue
---
 modules/utils.py | 4 ++--
 requirements.txt | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/utils.py b/modules/utils.py
index bf7e799a..37dd71b8 100644
--- a/modules/utils.py
+++ b/modules/utils.py
@@ -9,12 +9,12 @@ import csv
 import threading
 import requests
-import re
 import hmac
 import html
 import hashlib
 import gradio as gr
+import regex as re
 import getpass
 from pypinyin import lazy_pinyin
 import tiktoken
@@ -511,7 +511,7 @@ def init_history_list(user_name="", prepend=None):
 def filter_history(user_name, keyword):
 history_names = get_history_names(user_name)
 try:
- history_names = [name for name in history_names if re.search(keyword, name)]
+ history_names = [name for name in history_names if re.search(keyword, name, timeout=0.01)]
 return gr.update(choices=history_names)
 except:
 return gr.update(choices=history_names)
diff --git a/requirements.txt b/requirements.txt
index 7937a13b..9a4f40ca 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,3 +41,4 @@ Pillow>=10.1.0
 protobuf==3.20.3
 ollama>=0.1.6
 numexpr
+regex
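Review bot: `import regex as re` in the first hunk of modules/utils.py rebinds `re` for the whole module, so every other `re.` call in the file (none of them visible in this patch) silently moves to the third-party engine, and none of those calls gets a timeout. Keeping `import re` and adding a separate `import regex` would scope the change to the one call that needs it, `regex.search(keyword, name, timeout=0.01)`, and make the non-stdlib dependency visible at the call site. If the alias stays, a comment above the import such as `# regex (not stdlib re): required for the timeout= argument in filter_history` would keep a later cleanup from reverting it.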
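Review bot: The bare `except:` in filter_history (second hunk of modules/utils.py) now also swallows the `TimeoutError` that `regex` raises when the 0.01 s limit is hit, so a pathological keyword returns the full unfiltered list and leaves no trace. Catch the expected failures explicitly, `except (re.error, TimeoutError):`, and log the event so repeated timeouts from one user are visible to whoever operates the service. The timeout applies per `re.search` call, so the worst case for one request is still roughly 0.01 s multiplied by the number of history names. If `keyword` is only meant as a substring filter rather than a pattern, `re.search(re.escape(keyword), name)` or `keyword in name` would remove the backtracking risk instead of bounding it.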
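Review bot: `regex` is added to requirements.txt with no version bound, although modules/utils.py now depends on its `timeout=` keyword. In an environment that already has an older `regex` installed, pip would treat the requirement as satisfied; if that release predates the keyword, the call would presumably fail with a `TypeError`, which the bare `except:` in filter_history would hide, leaving the history filter doing nothing. A floor on the line, `regex>=<first release with timeout support>`, would make that failure surface at install time. The neighbouring entries `Pillow>=10.1.0` and `protobuf==3.20.3` already follow that convention.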