regex
Safeguard articles tagged "regex" — guides, analysis, and best practices for software supply chain and application security.
4 articles
How catastrophic regex backtracking causes ReDoS — and how to stop it
A single bad regex took Cloudflare's global network to ~100% CPU for 27 minutes in 2019. Here's the backtracking mechanics behind ReDoS and how to rewrite unsafe patterns.
ReDoS in Python and FastAPI: how one regex takes down an event loop
CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.
What is ReDoS (Regular Expression Denial of Service)?
A single badly written regular expression can freeze an entire service under a short, crafted input. This is ReDoS — and it has taken down Cloudflare and Stack Overflow. Here's how to avoid it.
Regular Expression Denial of Service (ReDoS): Detection and Prevention
A single bad regex can bring down your entire application. ReDoS attacks exploit catastrophic backtracking to consume unbounded CPU time.