fix(security): prevent ReDoS in verdict-prose and continuation matchers (#4943)

Two py/polynomial-redos sinks ran regexes with two adjacent \s-matching
quantifiers over untrusted model text, backtracking O(n^2) when the tail failed
on a whitespace flood:

  - routes/skills_routes.py: the last-resort verdict-from-prose extractor used
    `["\'\s:]*\s*` — the class already matches \s, so the trailing \s* was a
    redundant second quantifier. Dropped it (extracted to a documented module
    constant _VERDICT_PROSE_RE); the matched text is identical, the scan linear.
  - src/agent_loop.py _EXPLICIT_CONTINUATION_RE: `\s*[.!?]*\s*$` put two \s*
    around `[.!?]*`. Rewrote as `\s*(?:[.!?]+\s*)?$` — same accepted tails (no
    two \s* adjacent), linear. Portable form (no possessive quantifiers).

Both verified output-equivalent to the originals across a fuzz corpus. Adds
tests/test_redos_verdict_continuation.py pinning the unchanged match sets and
bounding the flood inputs (old patterns took seconds at 40k whitespace chars).
This commit is contained in:
nopoz
2026-06-28 03:42:20 -07:00
committed by GitHub
parent 827a6b2778
commit a7fc1343a3
3 changed files with 97 additions and 2 deletions
+6 -1
View File
@@ -845,7 +845,12 @@ _EXPLICIT_CONTINUATION_RE = re.compile(
r"run it|launch it|start it|use that|that one|same|the same|"
r"first|second|third|the first one|the second one|the third one|"
r"[123]|[abc]"
r")\s*[.!?]*\s*$",
# `\s*[.!?]*\s*$` put two \s-matching quantifiers around `[.!?]*`, which
# backtracks O(n^2) on a terse reply + whitespace flood (py/polynomial-redos).
# `\s*(?:[.!?]+\s*)?$` accepts the same "trailing space/punctuation" tails
# (the inner \s* only engages after `[.!?]+`, so no two \s* are adjacent) and
# is linear.
r")\s*(?:[.!?]+\s*)?$",
re.IGNORECASE,
)
_RETRY_CONTINUATION_RE = re.compile(