Add linter to check for catastrophic backtracking in Python re module #41

mschwager · 2019-12-11T01:06:11Z

Some Python examples with catastrophic backtracking:

import re


bad_string = 'a' * 64 + '!'
bad_regexs = [
    r'(a+)+',
    r'([a-zA-Z]+)*',
    r'(a|aa)+',
    r'(a|a?)+',
    r'(.*a){20}',
]

boom = [
    re.search(bad_regex, bad_string)
    for bad_regex in bad_regexs
]

We'll need a way to parse regex patterns in a programmatic way (convert to NFA?). From here we can analyze patterns in re calls and check for catastrophic behavior. The prevention document above lists a few initial behaviors to search for.

The text was updated successfully, but these errors were encountered:

…g in re module" This reverts commit 4d0f79f.

…ktracking in re module"" This reverts commit 3c9375a.

mschwager closed this as completed in 4d0f79f Dec 27, 2019

mschwager added a commit that referenced this issue Dec 28, 2019

Revert "Fix #41, lint for regular expression catastrophic backtrackin…

3c9375a

…g in re module" This reverts commit 4d0f79f.

mschwager added a commit that referenced this issue Dec 28, 2019

Revert "Revert "Fix #41, lint for regular expression catastrophic bac…

e7993a3

…ktracking in re module"" This reverts commit 3c9375a.

Add linter to check for catastrophic backtracking in Python re module #41

Add linter to check for catastrophic backtracking in Python re module #41

Comments

mschwager commented Dec 11, 2019