[issue44699] Simple regex appears to take exponential time in length of input
János Brezniczky
report at bugs.python.org
Wed Jul 21 11:58:05 EDT 2021
János Brezniczky <brezniczky at gmail.com> added the comment:
I'd also raise for consideration the introduction a (default?) timeout on regexes, similarly to how such a feature seems available in .NET.
Given the DOS vector vs. occasionally non-trivially complex expressions, this could draw developer attention to this security aspect and stimulate the evolution of a more secure ecosystem.
https://docs.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex.matchtimeout?view=net-5.0
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44699>
_______________________________________
More information about the Python-bugs-list
mailing list