Overview
- Bug Type: Catastrophic regex backtracking
- Category: Performance
Definition
A regex with pathological quantifiers (for example, nested repetitions such as `(a+)+`) can exhibit exponential runtime on crafted inputs, a regular-expression denial of service (ReDoS).
How to fix Catastrophic regex backtracking?
Rewrite patterns to remove nested or overlapping quantifiers that let the engine backtrack over ambiguous splits; enforce input length limits and evaluation timeouts; prefer linear-time (non-backtracking) regex engines where available.
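The two halves of that fix, as an added JavaScript example that is not part of the original page: a nested-quantifier pattern beside a linear rewrite that accepts exactly the same strings, a length guard that rejects oversized input before any pattern runs on it, and a probe-based check that the rewrite did not change what the pattern matches. `VULNERABLE`, `HARDENED`, `safeTest`, `patternsAgree`, `measureMs`, `MAX_INPUT_LENGTH` and the sample strings are all constructed here for illustration.

```javascript
// Added example (not from the original page): a nested-quantifier pattern
// next to a linear rewrite that accepts exactly the same strings, plus a
// length guard that rejects oversized input before any regex runs on it.

// Pathological: (a+)+ can split a run of 'a' characters in exponentially many
// ways, so a non-matching suffix forces the engine to try every split.
const VULNERABLE = /^(a+)+$/;

// Same language, one quantifier: a failing suffix is rejected in one pass.
const HARDENED = /^a+$/;

// Assumed cap: derive it from the field being validated (a username, a path
// segment), not from the regex.
const MAX_INPUT_LENGTH = 64;

// Fail closed on oversized or non-string input, then evaluate the pattern.
// Bounding the input bounds the work even for a pattern you cannot rewrite.
function safeTest(pattern, input, maxLen = MAX_INPUT_LENGTH) {
  if (typeof input !== "string") {
    return { matched: false, rejected: "type" };
  }
  if (input.length > maxLen) {
    return { matched: false, rejected: "length" };
  }
  return { matched: pattern.test(input), rejected: null };
}

// Regression check for a rewrite: both patterns must agree on every probe.
// Run this before swapping a production pattern for its linear form.
function patternsAgree(probes, a = VULNERABLE, b = HARDENED) {
  return probes.every((s) => a.test(s) === b.test(s));
}

// Wall-clock cost of one evaluation, in milliseconds (Node >= 16 exposes
// performance as a global).
function measureMs(pattern, input) {
  const start = performance.now();
  pattern.test(input);
  return performance.now() - start;
}

// Constructed inputs: a clean match, a near miss that triggers backtracking,
// and an oversized string that the guard should reject unseen.
const SAMPLES = {
  clean: "aaaaaaaa",
  nearMiss: "aaaaaaaa!",
  oversized: "a".repeat(200) + "!",
};

function demo() {
  // A short near miss already shows the gap; each extra 'a' roughly doubles
  // the vulnerable pattern's time while the hardened one stays flat.
  const nearMiss = "a".repeat(18) + "!";
  console.log("vulnerable ms:", measureMs(VULNERABLE, nearMiss).toFixed(2));
  console.log("hardened ms:  ", measureMs(HARDENED, nearMiss).toFixed(2));
  console.log("oversized:", safeTest(VULNERABLE, SAMPLES.oversized));
  console.log("agree:", patternsAgree(["", "a", "aaa", "aab", "ba", SAMPLES.nearMiss]));
}

demo();
```

The length cap is the only hard bound when the engine offers no timeout, which is the case for the built-in JavaScript `RegExp`; where a linear-time engine is available it removes the pathological case outright, and the probe set in `patternsAgree` is what confirms a rewrite is safe to deploy.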
Symptoms
Observable signs that may indicate Catastrophic regex backtracking:
- Requests hang or CPU spikes on specific input strings.
- Regex evaluation dominates profiles under load.
- DoS-like behavior with crafted repeating patterns.
Example Errors:
- Regex timeout exceeded
- High CPU during regex.test/exec
- ReDoS detected for pattern