Package org.mockserver.matchers

Class MatchingTimeoutExecutor

java.lang.Object

org.mockserver.matchers.MatchingTimeoutExecutor

public final class MatchingTimeoutExecutor
extends Object

Shared daemon-thread executor used by request matchers (regex, XPath) to bound the runtime of pathological user-supplied expressions. Wrapping each match in a Future-with-timeout protects MockServer from ReDoS / XPath DoS attacks where a single malicious expectation or input would otherwise pin a Netty worker thread.

The pool is cached (not single-thread) so concurrent matches do not serialize, and daemon-flagged so it never blocks JVM shutdown.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	MatchingTimeoutExecutor.OnTimeout

Method Summary

Modifier and Type	Method	Description
static <T> T	callWithTimeout(Callable<T> task, long timeoutMillis, T onTimeout, MatchingTimeoutExecutor.OnTimeout onTimeoutCallback)	Run a matching task with a millisecond timeout.
static boolean	matchesWithRegexTimeout(MockServerLogger mockServerLogger, String description, Pattern pattern, Callable<Boolean> matchOperation)	Evaluate a user-supplied regular expression under the shared mockserver.regexMatchingTimeoutMillis timeout, so a pathological (ReDoS) pattern cannot pin a worker thread.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

callWithTimeout

public static <T> T callWithTimeout(Callable<T> task,
 long timeoutMillis,
 T onTimeout,
 MatchingTimeoutExecutor.OnTimeout onTimeoutCallback)
                             throws Exception

Run a matching task with a millisecond timeout. A non-positive timeout disables the timeout and runs the task on the calling thread (preserving pre-timeout behaviour for users who opt out).

Returns:

the task's result, or onTimeout when the timeout fires

Throws:

Exception - any checked exception thrown by the task (other than TimeoutException)

matchesWithRegexTimeout

public static boolean matchesWithRegexTimeout(MockServerLogger mockServerLogger,
 String description,
 Pattern pattern,
 Callable<Boolean> matchOperation)

Evaluate a user-supplied regular expression under the shared mockserver.regexMatchingTimeoutMillis timeout, so a pathological (ReDoS) pattern cannot pin a worker thread. A timeout or any error is treated as a non-match (returns false) and, when a timeout fires and a logger is supplied, logs a WARN naming the pattern.

Parameters:

mockServerLogger - logger for the timeout warning (may be null)

description - short label for the log (e.g. "graphql operationName")

pattern - the compiled user regex (used only for the log message)

matchOperation - the actual match call (e.g. () -> pattern.matcher(input).matches())

Returns:

the match result, or false on timeout/error