From 4dbecdba6c9a4eff3b0b6e621b12629e2743fb34 Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs"
Date: Sun, 16 Jan 2022 19:06:56 -0500
Subject: [PATCH 1/3] Add test capturing undesirable performance. Ref #361.
---
 exercises.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/exercises.py b/exercises.py
index bc8a44e9..bc0106ee 100644
--- a/exercises.py
+++ b/exercises.py
@@ -34,3 +34,12 @@ def uncached_distribution_perf():
 # end warmup
 importlib.invalidate_caches()
 importlib_metadata.distribution('ipython')
+
+
+def entrypoint_regexp_perf():
+ import importlib_metadata
+ import re
+
+ input = '0' + ' ' * 2 ** 10 + '0' # end warmup
+
+ re.match(importlib_metadata.EntryPoint.pattern, input)

From aa4f879f81a64d09b25acccb2ae25ed8c37584fd Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs"
Date: Sun, 16 Jan 2022 19:15:52 -0500
Subject: [PATCH 2/3] Refactor regular expression to avoid expensive backtracking on contrived entry points.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes #361. Credit to Tim Peters. Reduces cost from almost 2 seconds to ~100 µs on my workstation as reported by entrypoint_regexp_perf.
---
 importlib_metadata/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/importlib_metadata/__init__.py b/importlib_metadata/__init__.py
index 08f7a9ea..7713e1e0 100644
--- a/importlib_metadata/__init__.py
+++ b/importlib_metadata/__init__.py
@@ -161,8 +161,8 @@ class EntryPoint(DeprecatedTuple):
 pattern = re.compile(
 r'(?P[\w.]+)\s*'
- r'(:\s*(?P[\w.]+))?\s*'
- r'(?P\[.*\])?\s*$'
+ r'(:\s*(?P[\w.]+)\s*)?'
+ r'((?P\[.*\])\s*)?$'
 )
 """
 A regular expression describing the syntax for an entry point,

From 5516095d38a35f9ef408c72bb94b0fded460f7c3 Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs"
Date: Sun, 16 Jan 2022 19:21:12 -0500
Subject: [PATCH 3/3] Update changelog
---
 CHANGES.rst | 5 +++++
 1 file changed, 5 insertions(+)
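Review bot: The new `entrypoint_regexp_perf` names its local `input`, shadowing the builtin, and passes an already compiled pattern through `re.match`, which only costs a needless `re._compile` cache lookup; `sample = '0' + ' ' * 2 ** 10 + '0'  # end warmup` followed by `importlib_metadata.EntryPoint.pattern.match(sample)` reads the same without either. The match result is discarded, which is fine for a timing exercise, but it means nothing ever confirms that this pathological input is actually rejected; `assert importlib_metadata.EntryPoint.pattern.match(sample) is None` would let the exercise double as a sanity check. The `# end warmup` marker on the assignment line follows the convention visible in `uncached_distribution_perf` in the same hunk, so presumably only the match call is timed — a comment such as `# 1 KiB of whitespace between two tokens: the input that made the old pattern backtrack for seconds` would tell a future reader why this odd string was chosen.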
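Review bot: The second added line wraps the extras alternative in a new capturing group, which shifts the positional group numbers of `EntryPoint.pattern`; since `pattern` is a public class attribute, any caller that used `m.group(n)` instead of the named groups silently gets a different value, and a non-capturing wrapper keeps the numbering stable: `r'(?:(?P<extras>\[.*\])\s*)?$'` (the `<name>` part of each `(?P<name>…)` group appears stripped in this rendering). The mitigation itself looks sound: in the removed lines the `\s*` after the module group, the `)?\s*` after the attr group and the `)?\s*$` after extras were adjacent whenever both optional groups were absent, so three quantifiers competed for one whitespace run, whereas in the new form every `\s*` is fenced by a mandatory `:` or `[` and only one quantifier can consume a given space. The remaining `\[.*\]` is still greedy but backtracks over a single run, so I do not see another ambiguity; still, a unit test in the suite that matches a much larger input (e.g. `' ' * 10**5`) would turn a future regression into a visible hang or failure rather than a benchmark number. The `EntryPoint` class body starts and continues outside the hunk.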
diff --git a/CHANGES.rst b/CHANGES.rst
index e61e6e82..89c53863 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,8 @@
+v4.10.1
+=======
+
+* #361: Avoid potential REDoS in ``EntryPoint.pattern``.
+
 v4.10.0
 =======