perf: optimize rust validation sidecar matching

Signed-off-by: lucarlig <luca.carlig@ibm.com>

Author: lucarlig

tools_rust/validation_middleware_sidecar/src/lib.rs

@@ -7,7 +7,12 @@ use std::sync::{Arc, Mutex};
 
 struct CompiledValidator {
     max_param_length: usize,
-    dangerous_patterns: Vec<Regex>,
+    dangerous_pattern: Option<Regex>,
+}
+
+enum ValidationFailure {
+    MaxLength,
+    DangerousPattern,
 }
 
 static VALIDATOR_CACHE: Lazy<Mutex<HashMap<String, Arc<CompiledValidator>>>> =
@@ -32,17 +37,23 @@ fn get_validator(
         return Ok(existing);
     }
 
-    let compiled_patterns = dangerous_patterns
-        .iter()
-        .map(|pattern| {
-            Regex::new(pattern)
-                .map_err(|error| PyErr::new::<pyo3::exceptions::PyValueError, _>(error.to_string()))
-        })
-        .collect::<PyResult<Vec<_>>>()?;
+    let combined_pattern =
+        if dangerous_patterns.is_empty() {
+            None
+        } else {
+            let joined = dangerous_patterns
+                .iter()
+                .map(|pattern| format!("(?:{pattern})"))
+                .collect::<Vec<_>>()
+                .join("|");
+            Some(Regex::new(&joined).map_err(|error| {
+                PyErr::new::<pyo3::exceptions::PyValueError, _>(error.to_string())
+            })?)
+        };
 
     let validator = Arc::new(CompiledValidator {
         max_param_length,
-        dangerous_patterns: compiled_patterns,
+        dangerous_pattern: combined_pattern,
     });
 
     VALIDATOR_CACHE
@@ -52,19 +63,17 @@ fn get_validator(
     Ok(validator)
 }
 
-fn validate_string(
-    key: &str,
-    value: &str,
-    validator: &CompiledValidator,
-) -> Option<(String, String)> {
+fn validate_string(value: &str, validator: &CompiledValidator) -> Option<ValidationFailure> {
     if value.len() > validator.max_param_length {
-        return Some((key.to_owned(), "max_length".to_owned()));
+        return Some(ValidationFailure::MaxLength);
     }
 
-    for pattern in &validator.dangerous_patterns {
-        if pattern.is_match(value) {
-            return Some((key.to_owned(), "dangerous_pattern".to_owned()));
-        }
+    if validator
+        .dangerous_pattern
+        .as_ref()
+        .is_some_and(|pattern| pattern.is_match(value))
+    {
+        return Some(ValidationFailure::DangerousPattern);
     }
 
     None
@@ -76,11 +85,14 @@ fn walk_json_like(
 ) -> PyResult<Option<(String, String)>> {
     if let Ok(dict) = data.cast::<PyDict>() {
         for (key, value) in dict.iter() {
-            if value.is_instance_of::<PyString>() {
-                let key_string = key.str()?.to_string_lossy().into_owned();
-                let value_string = value.cast::<PyString>()?.to_str()?.to_owned();
-                if let Some(result) = validate_string(&key_string, &value_string, validator) {
-                    return Ok(Some(result));
+            if let Ok(value_string) = value.cast::<PyString>() {
+                if let Some(result) = validate_string(value_string.to_str()?, validator) {
+                    let key_string = key.str()?.to_string_lossy().into_owned();
+                    let error_type = match result {
+                        ValidationFailure::MaxLength => "max_length",
+                        ValidationFailure::DangerousPattern => "dangerous_pattern",
+                    };
+                    return Ok(Some((key_string, error_type.to_owned())));
                 }
             } else if value.is_instance_of::<PyDict>() || value.is_instance_of::<PyList>() {
                 if let Some(result) = walk_json_like(&value, validator)? {