The following expression doesn't ReDoS, but Dlint detects it:
re.search(r'(\n.*)+a', '\n' * 64 + 'b')
However, this expression does ReDoS:
re.search(r'(\n.*)+a', '\n' * 64 + 'b', re.DOTALL)
Fixing this requires a large amount of work for little gain in reducing false positives. The first example doesn't seem very common. We don't currently analyze the flags passed to re functions, so adding this functionality would take considerable work.
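Why the flag matters, as an added example (not Dlint code or part of the original report): it counts the distinct ways the group `(\n.*)+` can consume the whole subject, which is the search space a backtracking matcher works through once the trailing `a` fails to match. The helper name `count_parses` is hypothetical, and the count illustrates the ambiguity rather than measuring the engine's exact step count.

```python
import re


def count_parses(subject, flags=0):
    # Number of ways `subject` splits into consecutive pieces that each
    # fully match \n.* under `flags`, i.e. the number of distinct ways
    # the repeated group (\n.*)+ can consume the entire subject.
    piece = re.compile(r'\n.*', flags)
    ways = [0] * (len(subject) + 1)
    ways[0] = 1  # exactly one way to consume nothing
    for end in range(1, len(subject) + 1):
        for start in range(end):
            # A piece covering subject[start:end] extends every parse
            # that ended at `start`.
            if ways[start] and piece.fullmatch(subject, start, end):
                ways[end] += ways[start]
    return ways[len(subject)]


if __name__ == '__main__':
    subject = '\n' * 64 + 'b'  # the subject string from the report
    # Without DOTALL, '.' cannot cross a newline, so every iteration of
    # the group is forced to take exactly one '\n': a single parse.
    print('no flags:', count_parses(subject))
    # With DOTALL, '.' also matches '\n', so any run of newlines can be
    # absorbed by one iteration or shared among several: the number of
    # parses doubles with each extra newline.
    print('DOTALL:  ', count_parses(subject, re.DOTALL))
```

The same pattern string therefore has one parse or 2^63 parses on this subject depending only on the flags argument, which is why a checker that inspects the pattern alone cannot tell the two calls apart.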