rspec/rules/S5852/description.adoc

Most of the regular expression engines use <code>backtracking</code> to try all possible execution paths of the regular expression when evaluating an input, in some cases it can cause performance issues, called <code>catastrophic backtracking</code> situations. In the worst case, the complexity of the regular expression is exponential in the size of the input, this means that a small carefully-crafted input (like 20 chars) can trigger <code>catastrophic backtracking</code> and cause a denial of service of the application. Super-linear regex complexity can lead to the same impact too with, in this case, a large carefully-crafted input (thousands chars).

This rule detects regular expression patterns known to have potential performance issues:
* <code>Nested quantifiers</code> which are  quantifiers inside a group that is itself repeated by a quantifier (eg: <code>/(a+)+/</code>).
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			Most of the regular expression engines use <code>backtracking</code> to try all possible execution paths of the regular expression when evaluating an input, in some cases it can cause performance issues, called <code>catastrophic backtracking</code> situations. In the worst case, the complexity of the regular expression is exponential in the size of the input, this means that a small carefully-crafted input (like 20 chars) can trigger <code>catastrophic backtracking</code> and cause a denial of service of the application. Super-linear regex complexity can lead to the same impact too with, in this case, a large carefully-crafted input (thousands chars).

			`This rule detects regular expression patterns known to have potential performance issues:`
			`* <code>Nested quantifiers</code> which are quantifiers inside a group that is itself repeated by a quantifier (eg: <code>/(a+)+/</code>).`