Add linter to check for catastrophic backtracking in Python re module #41

mschwager · 2019-12-11T01:06:11Z

Some Python examples with catastrophic backtracking:

import re


bad_string = 'a' * 64 + '!'
bad_regexs = [
    r'(a+)+',
    r'([a-zA-Z]+)*',
    r'(a|aa)+',
    r'(a|a?)+',
    r'(.*a){20}',
]

boom = [
    re.search(bad_regex, bad_string)
    for bad_regex in bad_regexs
]

We'll need a way to parse regex patterns in a programmatic way (convert to NFA?). From here we can analyze patterns in re calls and check for catastrophic behavior. The prevention document above lists a few initial behaviors to search for.

The text was updated successfully, but these errors were encountered:

…g in re module" This reverts commit 4d0f79f.

…ktracking in re module"" This reverts commit 3c9375a.

mschwager closed this as completed in 4d0f79f Dec 27, 2019

mschwager added a commit that referenced this issue Dec 28, 2019

Revert "Fix #41, lint for regular expression catastrophic backtrackin…

3c9375a

…g in re module" This reverts commit 4d0f79f.

mschwager added a commit that referenced this issue Dec 28, 2019

Revert "Revert "Fix #41, lint for regular expression catastrophic bac…

e7993a3

…ktracking in re module"" This reverts commit 3c9375a.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add linter to check for catastrophic backtracking in Python re module #41

Add linter to check for catastrophic backtracking in Python re module #41

mschwager commented Dec 11, 2019

Add linter to check for catastrophic backtracking in Python re module #41

Add linter to check for catastrophic backtracking in Python re module #41

Comments

mschwager commented Dec 11, 2019