refactor: separate config service from jail config service

- Split config_service.py into config_service.py and jail_config_service.py - Update Docs/Tasks.md, Security.md, TROUBLESHOOTING.md
2026-05-03 01:05:18 +02:00
parent 881cfbdd71
commit 7ad885d276
5 changed files with 101 additions and 57 deletions
--- a/Docs/TROUBLESHOOTING.md
+++ b/Docs/TROUBLESHOOTING.md
@@ -301,6 +301,36 @@ sqlite3 /var/lib/bangui/bangui.db "PRAGMA integrity_check;"

 ---

+## Regex Pattern Rejected
+
+### Symptom: Filter or action configuration fails with "Invalid regex" error
+
+**Cause:** The regex pattern is either syntactically invalid or detected as a ReDoS (Regular Expression Denial of Service) vulnerability.
+
+**Diagnosis:**
+1. Check the error message — it indicates whether the pattern is syntactically invalid or flagged as dangerous
+2. Look for log events: `regex_redos_detected` or `regex_compilation_timeout`
+
+**Common ReDoS patterns that are rejected:**
+| Pattern | Problem |
+|---------|---------|
+| `(a+)+b` | Nested quantifiers with overlap |
+| `([a-z]+)*d` | Quantifier inside quantifier |
+| `(x+)+y` | Nested plus operators |
+
+**Solution:**
+1. Rewrite the pattern to avoid nested quantifiers on overlapping groups
+2. Use atomic groups or possessive quantifiers where possible: `(?>a+)+b`
+3. Simplify complex alternations
+
+**Prevention:**
+- Test regex patterns in isolation before deploying
+- Avoid patterns with quantified groups inside other quantifiers
+- Prefer explicit character classes over `.*` where possible
+- Use [regexploit](https://github.com/doyensec/regexploit) to audit patterns
+
+---
+
 ## Getting Help

 If issues persist after following this guide: