# Regular Expression Denial of Service (ReDoS)

- ID: python-redos
- Severity: MEDIUM
- CWE: ReDoS (CWE-1333)
- Languages: Python

## Description

Detects regular expressions that are prone to catastrophic backtracking, where matching certain inputs takes time exponential in the input length. Attackers can exploit this to cause denial of service. Use simpler patterns or set timeouts.

## Remediation

Avoid nested quantifiers like `(a+)+`. Use simple patterns with bounded quantifiers.

```python
import re

# Safe: a single character class with a bounded quantifier has no nested
# repetition, so the regex engine cannot backtrack catastrophically.
pattern = re.compile(r'^[a-zA-Z0-9_]{3,20}$')


def validate_username(username: str) -> str:
    if not pattern.match(username):
        raise ValueError('Invalid username')
    return username
```

Learn more: https://shoulder.dev/learn/python/cwe-1333/redos

## Related Rules

- **Regular Expression Denial of Service** [MEDIUM]:
- **Regular Expression Denial of Service (ReDoS)** [HIGH]:
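The rule above flags the nested-quantifier shape `(a+)+`; the following is an added example, not code from this page or from shoulder.dev, of how such a check can be implemented statically over Python's own regex parse tree. It assumes the stdlib's private parser module (`re._parser` on Python 3.11+, `sre_parse` earlier), which is undocumented and may change; the function names `nested_unbounded_repeats` and `triage` and the sample patterns are constructed for this illustration.

```python
import re

# The stdlib regex parser moved to re._parser in Python 3.11; older
# versions expose the same (private, undocumented) module as sre_parse.
try:
    from re import _parser as sre_parse
    from re._constants import MAXREPEAT
except ImportError:  # Python < 3.11
    import sre_parse
    from sre_constants import MAXREPEAT

# Backtracking repeat opcodes; their argument is (min, max, body).
REPEAT_OPS = {"MAX_REPEAT", "MIN_REPEAT"}


def _subpatterns(arg):
    """Yield every SubPattern nested anywhere inside an opcode argument
    (groups, alternations, look-arounds and atomic groups store their
    body this way)."""
    if isinstance(arg, sre_parse.SubPattern):
        yield arg
    elif isinstance(arg, (tuple, list)):
        for item in arg:
            yield from _subpatterns(item)


def nested_unbounded_repeats(pattern: str) -> int:
    """Count unbounded quantifiers (+, *, {n,}) that sit inside another
    unbounded quantifier: the shape that lets (a+)+ backtrack exponentially.
    Bounded repeats such as {3,20} never raise the nesting depth."""
    findings = 0

    def walk(sub, unbounded_depth):
        nonlocal findings
        for op, arg in sub:
            depth = unbounded_depth
            if op.name in REPEAT_OPS:
                _min, _max, body = arg
                if _max == MAXREPEAT:  # +, * or {n,} with no upper bound
                    depth += 1
                    if depth >= 2:
                        findings += 1
                walk(body, depth)
            else:
                for child in _subpatterns(arg):
                    walk(child, depth)

    walk(sre_parse.parse(pattern), 0)
    return findings


def triage(patterns):
    """Map each pattern to 'flag' or 'ok', the verdict a scanner rule emits."""
    return {p: ("flag" if nested_unbounded_repeats(p) else "ok") for p in patterns}


if __name__ == "__main__":
    # Constructed sample patterns: the page's (a+)+ shape beside safe ones.
    samples = [
        r"(a+)+$",
        r"^(\w+\s?)*$",
        r"^[a-zA-Z0-9_]{3,20}$",
        r"^(?:\d{1,3}\.){3}\d{1,3}$",
    ]
    for pat, verdict in triage(samples).items():
        print(f"{verdict:4} {pat}")
```

This is a heuristic for the nested-quantifier form only: patterns whose ambiguity comes from overlapping alternations or adjacent overlapping classes (for example `(a|aa)+` or `\d+\d+`) are not reported, so treat an `ok` verdict as "this particular shape is absent" rather than proof the pattern is safe. Note also that the stdlib `re` module offers no match timeout; the "set timeouts" advice above therefore means enforcing a deadline around the matching call (or using the third-party `regex` package, which accepts a `timeout` argument), and that is a mitigation for the symptom, not a substitute for a pattern without unbounded nesting.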