
Oh no! My regex is causing a Denial of Service! What can I do about it?

Description

Every modern programming language supports regular expressions. Python uses a backtracking engine to match developer-defined expressions against a wide range of input. Under certain circumstances, backtracking can lead to performance issues, and in extreme cases a denial of service (ReDoS).

We will use descriptive examples to demonstrate the core issue, what to look for to detect problematic expressions, as well as how static analysis can help in this context. We will look at techniques to improve regular expression performance and defend against malicious inputs.
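One shape a static check can look for is an unbounded quantifier nested inside another unbounded quantifier, as in `(a+)+$`. The sketch below is an added example, not code from the talk: it relies on CPython's undocumented internal regex parser (`re._parser`, formerly `sre_parse`), the function names are its own, and as a heuristic it can both over-report and miss other problematic shapes.

```python
# Added example: flag nested unbounded quantifiers, a common ReDoS shape.
# Assumption: CPython's internal parser module, which is not a public API.
try:                                   # Python 3.11+
    import re._parser as sre_parse
except ImportError:                    # older interpreters
    import sre_parse

REPEATS = (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT)   # greedy and lazy
UNBOUNDED = sre_parse.MAXREPEAT                          # the "no upper limit" marker


def _children(op, av):
    """Yield the sub-patterns nested inside one parsed regex node."""
    if op in REPEATS:
        yield av[2]                    # (min, max, subpattern)
    elif op == sre_parse.SUBPATTERN:
        yield av[-1]                   # group body is the last field
    elif op == sre_parse.BRANCH:
        yield from av[1]               # (None, [alternative, ...])
    elif op in (sre_parse.ASSERT, sre_parse.ASSERT_NOT):
        yield av[1]                    # (direction, subpattern)


def has_nested_unbounded_repeat(pattern, inside=False):
    """True if a *, + or {n,} quantifier sits inside another one."""
    parsed = sre_parse.parse(pattern) if isinstance(pattern, str) else pattern
    for op, av in parsed:
        unbounded = op in REPEATS and av[1] == UNBOUNDED
        if unbounded and inside:
            return True
        for child in _children(op, av):
            if has_nested_unbounded_repeat(child, inside or unbounded):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample patterns: two risky shapes and two safer rewrites.
    for candidate in (r"(a+)+$", r"a+$", r"(\w+\s?)*$", r"^\d{1,3}(\.\d{1,3}){3}$"):
        verdict = "REVIEW" if has_nested_unbounded_repeat(candidate) else "ok"
        print(f"{verdict:6} {candidate}")
```

A flagged pattern is a candidate for review rather than a confirmed problem; `a+$` accepts the same strings as `(a+)+$` without the nested repetition.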
