Description
While doing some static analysis, I found that this bit of code is vulnerable to a ReDoS (Regular expression denial-of-service).
https://github.com/nficano/python-lambda/blob/master/aws_lambda/helpers.py#L41
⛔️ Error on line 41 in https://github.com/nficano/python-lambda/blob/master/aws_lambda/helpers.py#L41

PY033: Inefficient Regular Expression Complexity

The call to `re.search` with regex pattern `r"^\${(?P<environment_key_name>\w+)*}$"` is susceptible to catastrophic backtracking and may cause performance degradation.

```python
40     if val is not None and isinstance(val, str):
41 ❱       match = re.search(r"^\${(?P<environment_key_name>\w+)*}$", val)
42         if match is not None:
```

To recreate in a small sample:
```python
import re

# A long run of word characters followed by "!" so the trailing "}" can never match
val = "${aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!}"
# The nested quantifier (\w+)* retries every way of splitting the "a"s before giving up
match = re.search(r"^\${(?P<environment_key_name>\w+)*}$", val)
```

Running this code will hang for a very long time.
Thus in the original code, if an environment variable is set to "${aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!}" you'll get a similar denial-of-service.
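The hardened pattern a maintainer would substitute, as an added example that is not code from python-lambda: the outer `*` around `(\w+)` is dropped so there is only one way to match, and the helper (`env_key_name`, `resolve_placeholder`, both hypothetical names) rejects the hostile input from the issue in linear time. It assumes the `${}` case (empty capture in the original) is not needed.

```python
import re
import time
from typing import Optional

# Pattern from the issue: (\w+)* lets the engine try every partition of the
# word characters once the final "}" fails to match (exponential backtracking).
VULNERABLE_RE = re.compile(r"^\${(?P<environment_key_name>\w+)*}$")

# Hardened form (assumed fix, not the project's code): a single \w+ with no outer
# repetition. Same accepted strings except the degenerate "${}", and a failed
# match only backtracks once per character, so it is linear in len(val).
SAFE_RE = re.compile(r"^\$\{(?P<environment_key_name>\w+)\}$")


def env_key_name(val: str) -> Optional[str]:
    """Return NAME from a "${NAME}" reference, or None if val is not one."""
    match = SAFE_RE.search(val)
    return match.group("environment_key_name") if match else None


def resolve_placeholder(val, environ):
    """Mirror the helper's intent: swap "${NAME}" for environ[NAME] when present."""
    if val is None or not isinstance(val, str):
        return val
    name = env_key_name(val)
    if name is None or name not in environ:
        return val
    return environ[name]


def time_match(pattern: re.Pattern, val: str) -> float:
    """Wall-clock seconds for one search, to compare the two patterns."""
    start = time.perf_counter()
    pattern.search(val)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed input shaped like the issue's; 20 "a"s keeps the vulnerable
    # run to seconds rather than the minutes the 52-character original needs.
    hostile = "${" + "a" * 20 + "!}"
    print(f"safe pattern      : {time_match(SAFE_RE, hostile):.6f}s")
    print(f"vulnerable pattern: {time_match(VULNERABLE_RE, hostile):.6f}s")
```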