A. N. Nepeivoda, Yu. A. Belikova, K. K. Shevchenko, M. R. Teriukha, D. P. Knyazihin, A. D. Delman, A. S. Terentyeva, “REDoS detection in “Domino” regular expressions by Ambiguity Analysis”, Proceedings of ISP RAS, 2023, Volume 35, Issue 3,Pages <nobr>109

REDoS detection in “Domino” regular expressions by Ambiguity Analysis

A. N. Nepeivoda^a, Yu. A. Belikova^b, K. K. Shevchenko^b, M. R. Teriukha^b, D. P. Knyazihin^b, A. D. Delman^b, A. S. Terentyeva^b

^a Ailamazyan Program Systems Institute of Russian Academy of Sciences
^b Bauman Moscow State Technical University

Abstract: The Regular Expression Denial of Service (REDoS) problem refers to a time explosion caused by the high computational complexity of matching a string against a regex pattern. This issue is prevalent in popular regex engines, such as Python, JavaScript, and C++. In this paper, we examine several existing open-source tools for detecting REDoS and identify a class of regexes that can create REDoS situations in popular regex engines but are not detected by these tools. To address this gap, we propose a new approach based on ambiguity analysis, which combines a strong star-normal form test with an analysis of the transformation monoids of Glushkov automata orbits. Our experiments demonstrate that our implementation outperforms the existing tools on regexes with polynomial matching complexity and complex subexpression overlap structures.

Keywords: regular expressions, ambiguity, REDoS, Glushkov automaton, transformation monoid, strong star-normal form

Language: English

DOI: 10.15514/ISPRAS-2023-35(3)-8