Inefficient Regular Expression Complexity
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-1333: Inefficient Regular Expression Complexity |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code creates regular expressions using input that isn’t hardcoded, such as function arguments. This allows user-controlled values to define regex patterns, which can introduce security risks if not validated.
Impact
An attacker could supply a specially crafted regular expression that causes excessive processing time (ReDoS), potentially freezing or severely slowing down your application. This can lead to denial of service, impacting availability for legitimate users.
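The flagged construction next to two hardened alternatives, as an added example that is not part of this rule's own documentation. JavaScript is an assumption (the page names no language), as are the function names, the pattern allow-list and the 64-character limit.

```javascript
// Added example: names, patterns and the 64-character limit are assumptions.
const MAX_TERM_LENGTH = 64;

// Flagged form: the function argument becomes the pattern itself,
// so the caller decides how expensive matching is.
function findUnsafe(pattern, text) {
  return new RegExp(pattern).test(text);
}

// Escape every regex metacharacter so the value can only match literally.
function escapeRegExp(value) {
  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Hardened form 1: validate type and length, then match the input as literal text.
function findSafe(term, text) {
  if (typeof term !== "string" || term.length === 0 || term.length > MAX_TERM_LENGTH) {
    throw new RangeError("search term must be 1-" + MAX_TERM_LENGTH + " characters");
  }
  return new RegExp(escapeRegExp(term), "i").test(text);
}

// Hardened form 2: callers pick a hardcoded pattern by name, never supply one.
const ALLOWED_PATTERNS = Object.freeze({
  digits: /^[0-9]+$/,
  slug: /^[a-z0-9]+(?:-[a-z0-9]+)*$/,
});

function matchNamed(name, text) {
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_PATTERNS, name)) {
    throw new RangeError("unknown pattern name");
  }
  return ALLOWED_PATTERNS[name].test(text);
}

// Constructed sample input containing grouping and quantifier metacharacters.
const sample = "(a+)+$";
console.log(escapeRegExp(sample));                    // metacharacters neutralised
console.log(findSafe(sample, "cost is (a+)+$ here")); // matched as literal text
console.log(findSafe(sample, "aaaa"));                // no longer acts as a pattern
console.log(matchNamed("slug", "regex-dos-notes"));
```

Where the runtime or a library offers a linear-time regex engine or a match timeout, that can be layered on top of either hardened form.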