tjenkinson
commented
1 month ago Hey @TrueWill thanks for flagging. That should be unsafe.
Unfortunately this tool currently misses some cases when there's no start anchor.
If you prepend ^.* you'll see the failure.
I've been working on a fix and hopefully will have it ready soon
The first example from https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS is considered safe by
isSafePattern:(a+)+