8 lines
1.0 KiB
Plaintext
8 lines
1.0 KiB
Plaintext
Most of the regular expression engines use ``++backtracking++`` to try all possible execution paths of the regular expression when evaluating an input, in some cases it can cause performance issues, called ``++catastrophic backtracking++`` situations. In the worst case, the complexity of the regular expression is exponential in the size of the input, this means that a small carefully-crafted input (like 20 chars) can trigger ``++catastrophic backtracking++`` and cause a denial of service of the application. Super-linear regex complexity can lead to the same impact too with, in this case, a large carefully-crafted input (thousands chars).
|
|
|
|
|
|
This rule determines the runtime complexity of a regular expression and informs you of the complexity if it is not linear.
|
|
|
|
|
|
Note that, due to improvements to the matching algorithm, some cases of exponential runtime complexity have become impossible when run using JDK 9 or later. In such cases, an issue will only be reported if the project's target Java version is 8 or earlier.
|