The question about resolving the ReDoS requests a change from ^(PATTERN+)*$ to ^PATTERN+$, but that is not entirely correct.
The correct option would be: ^(PATTERN+)$ because it keeps the capture group that part of the software could rely on.
Compare these:
>>> import re
>>> re.match(r'^([a-z]+)*$', 'zzz').groups()[0]
'zzz'
>>> re.match(r'^([a-z]+)$', 'zzz').groups()[0]
'zzz'
>>> re.match(r'^[a-z]+$', 'zzz').groups()[0]
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IndexError: tuple index out of range
(I realise just now that this might not be the correct place to file this. I was checking the developing-secure-software-lfd121 content. If I'm in the wrong place, I am sorry.)
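The comparison in the issue above, as an added example that is not part of the original report or of the LFD121 course material. It uses [a-z] in place of PATTERN, compares the three candidate regexes on the same inputs, and times the nested-quantifier form on a constructed non-matching input ('a' repeated n times followed by '!') so the exponential backtracking is visible. The helper names (first_group, attack_input, time_match) are assumptions introduced for this example.

```python
import re
import time

# The three candidate patterns from the issue, with [a-z] standing in for
# PATTERN (constructed example, not from the course).
VULNERABLE = re.compile(r'^([a-z]+)*$')   # nested quantifier: catastrophic backtracking
NO_GROUP   = re.compile(r'^[a-z]+$')      # linear, but drops the capture group
FIXED      = re.compile(r'^([a-z]+)$')    # linear and still exposes group 1


def first_group(pattern, text):
    """Return group 1 of a full match, or None if the text does not match.

    Returns the marker "<no group>" when the pattern matched but defines no
    capture group; that is the case that makes .groups()[0] raise IndexError
    for callers that relied on the group.
    """
    m = pattern.match(text)
    if m is None:
        return None
    return m.group(1) if pattern.groups >= 1 else "<no group>"


def attack_input(n):
    """n letters followed by a character that can never match.

    The trailing '!' forces overall failure, so the engine has to try every
    way of splitting the letters between the inner + and the outer * before
    it gives up: 2^(n-1) attempts for the VULNERABLE pattern.
    """
    return 'a' * n + '!'


def time_match(pattern, text):
    """Seconds spent in a single pattern.match(text) call."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == '__main__':
    # All three accept 'zzz'; only the two with a group give you group 1.
    for p in (VULNERABLE, NO_GROUP, FIXED):
        print(f"{p.pattern:14} -> {first_group(p, 'zzz')!r}")
    # Matching time roughly doubles per extra letter for VULNERABLE and
    # stays flat for FIXED on the same input.
    for n in (14, 16, 18, 20):
        t = attack_input(n)
        print(f"n={n}: vulnerable {time_match(VULNERABLE, t):.3f}s, "
              f"fixed {time_match(FIXED, t):.6f}s")
```

The point to verify when applying such a fix in a real code base is the one the issue raises: grep for every use of the match object's groups before dropping the parentheses, or keep them as in FIXED; a non-capturing group (?:...) would remove the backtracking just as well but would break the same callers.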