Sound Static Analysis of Regular Expressions for Vulnerabilities to Denial of Service Attacks
Modern programming languages often provide functions to manipulate regular expressions in standard libraries.If they offer support for advanced features, the matching algorithm has an exponential worst-case time complexity: for some so-called vulnerable regular expressions, an attacker can craft ad hoc strings to force the matcher to exhibit an exponential behaviour…
