Talks: Oh no! My regex is causing a Denial of Service! What can I do about it?

Saturday - April 22nd, 2023 4:15 p.m.-4:45 p.m. in 355ABC

Presented by:


Experience Level:

Some experience

Description

Every modern programming language supports regular expressions. Python uses a backtracking engine to match developer-defined expressions against a wide range of input. Under certain circumstances, backtracking can lead to performance issues, and in extreme cases a denial of service (ReDoS).

We will use descriptive examples to demonstrate the core issue, show what to look for when detecting problematic expressions, and explain how static analysis can help in this context. We will also look at techniques to improve regular expression performance and defend against malicious inputs.
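As an added illustration (not material from the talk), here is a minimal static check for one shape that makes a backtracking engine slow: an unbounded repeat nested inside another unbounded repeat. It relies on CPython's private `re._parser` module, which is an implementation detail and an assumption here. The patterns are constructed samples, and the check is a coarse heuristic that also flags some safe patterns.

```python
import itertools
import re

try:                                   # CPython 3.11+: private parser module
    import re._parser as parser
except ImportError:                    # older CPython releases
    import sre_parse as parser

UNBOUNDED_OPS = (parser.MAX_REPEAT, parser.MIN_REPEAT)   # greedy and lazy repeats


def _subpatterns(av):
    """Yield every SubPattern nested anywhere inside a parse node's argument."""
    if isinstance(av, parser.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)


def has_nested_unbounded_repeat(pattern, _tree=None, _inside=False):
    """True if a repeat with no upper bound sits inside another such repeat."""
    tree = parser.parse(pattern) if _tree is None else _tree
    for op, av in tree:
        # For repeat nodes av is (min, max, body); max == MAXREPEAT means "no limit".
        unbounded = op in UNBOUNDED_OPS and av[1] == parser.MAXREPEAT
        if unbounded and _inside:
            return True
        for child in _subpatterns(av):
            if has_nested_unbounded_repeat(pattern, child, _inside or unbounded):
                return True
    return False


def agree_on_short_inputs(p1, p2, alphabet="a!", max_len=6):
    """Check that a rewrite accepts exactly the same short strings as the original."""
    r1, r2 = re.compile(p1), re.compile(p2)
    for n in range(max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            s = "".join(chars)
            if bool(r1.fullmatch(s)) != bool(r2.fullmatch(s)):
                return False
    return True


FLAGGED = r"(a+)+$"     # constructed sample: nested unbounded repeats
REWRITTEN = r"a+$"      # constructed sample: same language, single repeat
```

The equivalence check only enumerates inputs up to six characters, so it stays fast even for the flagged pattern; treat a flag as a prompt for manual review or a rewrite, not as proof of exploitability.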