MediaWiki should have some way to reject regular expressions that are vulnerable to ReDoS attacks (or are themselves ReDoS attacks, i.e. user-supplied patterns that backtrack catastrophically on crafted input). Some use cases:
- T105126: [Task] Evaluate pattern constraints (safely)
- T176312: Don’t check format constraint via SPARQL (safely evaluating user-provided regular expressions)
- https://gerrit.wikimedia.org/r/#/c/411593/
Some tools that claim to be able to detect vulnerable regular expressions:
- NicolaasWeideman/RegexStaticAnalysis (Java)
- RXXR / RXXR2 (OCaml)
- substack/safe-regex (Node.js)
It seems not too hard to compile one of these into a binary and have MediaWiki shell out to it to check regular expressions before executing them.
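As an added example (not MediaWiki code and not the code of any tool listed above), here is the nested-quantifier ("star height") heuristic that static checkers such as safe-regex apply, written in Python on top of CPython's own regex parser and given the command-line shape a shell-out from MediaWiki would call. Assumptions: the parser module is private (`re._parser` in 3.11+, `sre_parse` before that) and its tuple layout is what CPython 3.6 through 3.13 produce; the sample patterns at the bottom are constructed for illustration.

```python
"""Flag regular expressions with nested quantifiers (star height > 1).

Added example, not MediaWiki code. Uses CPython's own regex parser, which is a
private module (re._parser in 3.11+, sre_parse before that); its tuple layout
is an assumption that has held from Python 3.6 through 3.13.
"""
import re
import sys

try:  # Python 3.11+ moved the parser under the re package
    from re import _parser as sre_parse
except ImportError:  # older CPython
    import sre_parse

# Quantifier opcodes; each carries (min, max, body) as its argument.
REPEAT_OPS = {"MAX_REPEAT", "MIN_REPEAT", "POSSESSIVE_REPEAT"}


def _subpatterns(arg):
    """Yield every SubPattern nested inside an opcode argument.

    Groups, lookarounds, alternations and conditionals all keep their bodies
    somewhere inside a tuple/list, so we search generically instead of
    special-casing each opcode.
    """
    if isinstance(arg, sre_parse.SubPattern):
        yield arg
    elif isinstance(arg, (tuple, list)):
        for item in arg:
            yield from _subpatterns(item)


def star_height(sub):
    """Deepest nesting of quantifiers that can match more than once.

    `?` and `{0,1}` are ignored: one optional match cannot multiply the
    number of ways to split the input, which is what nested * and + do.
    """
    height = 0
    for op, arg in sub:
        if op.name in REPEAT_OPS:
            _lo, hi, body = arg
            counts = 1 if hi > 1 else 0  # hi is MAXREPEAT for *, +, {n,}
            height = max(height, star_height(body) + counts)
        else:
            for child in _subpatterns(arg):
                height = max(height, star_height(child))
    return height


def height_of(pattern):
    """Star height of a pattern string (raises re.error if it does not parse)."""
    return star_height(sre_parse.parse(pattern))


def check_regex(pattern, max_star_height=1):
    """Return (ok, reason); unparsable patterns are rejected as a conservative default."""
    try:
        height = height_of(pattern)
    except re.error as exc:
        return False, f"does not parse: {exc}"
    if height > max_star_height:
        return False, f"nested quantifiers (star height {height}); may backtrack exponentially"
    return True, f"star height {height}"


# Constructed sample patterns: (pattern, verdict this heuristic gives).
SAMPLES = [
    (r"^\d+\.\d+$", True),       # plain quantifiers, height 1
    (r"(a+)+$", False),          # textbook ReDoS, height 2
    (r"^(\w+\s?)*$", False),     # classic "words separated by spaces"
    (r"^(\d+\.)+\d+$", False),   # flagged although the '.' separator removes the ambiguity: false positive
    (r"^(a|aa)+$", True),        # exponential through ambiguous alternation, yet height 1: false negative
]


def main(argv):
    """CLI shape a shell-out would use: exit 0 if every pattern passes, 1 otherwise.

    With no arguments, run the constructed samples.
    """
    patterns = argv[1:] or [p for p, _ in SAMPLES]
    status = 0
    for pattern in patterns:
        ok, reason = check_regex(pattern)
        print(f"{'OK    ' if ok else 'REJECT'} {pattern!r}: {reason}")
        status = max(status, 0 if ok else 1)
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two caveats for anyone wiring this in front of `preg_match`: the heuristic has both false positives and false negatives (the last two samples show one of each; ambiguous alternation such as `(a|aa)+` slips through with star height 1), and a parse failure only means the pattern uses syntax this parser does not know, for instance PCRE-only constructs, not that it is dangerous. A static gate is therefore best paired with a runtime cap: PHP's PCRE honours `pcre.backtrack_limit` and `preg_last_error()` reports `PREG_BACKTRACK_LIMIT_ERROR` when a match is cut off.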