Author brezniczky
Recipients brezniczky, ezio.melotti, mrabarnett
Date 2021-07-21.15:58:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1626883085.39.0.741009380181.issue44699@roundup.psfhosted.org>
In-reply-to
Content
I'd also raise for consideration the introduction a (default?) timeout on regexes, similarly to how such a feature seems available in .NET. 

Given the DOS vector vs. occasionally non-trivially complex expressions, this could draw developer attention to this security aspect and stimulate the evolution of a more secure ecosystem.

https://docs.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex.matchtimeout?view=net-5.0
History
Date User Action Args
2021-07-21 15:58:05brezniczkysetrecipients: + brezniczky, ezio.melotti, mrabarnett
2021-07-21 15:58:05brezniczkysetmessageid: <1626883085.39.0.741009380181.issue44699@roundup.psfhosted.org>
2021-07-21 15:58:05brezniczkylinkissue44699 messages
2021-07-21 15:58:05brezniczkycreate