Regex ReDoS Detector
CodeScan a regex for catastrophic-backtracking (ReDoS) risk: nested quantifiers, overlapping alternation, and adjacent overlapping quantifiers
Paste a regular expression and this tool statically scans it for the constructs that cause catastrophic backtracking, the class of bug behind most ReDoS denial-of-service incidents. It flags nested unbounded quantifiers like (a+)+, alternation branches that can match the same input under a repetition like (a|ab)*, and adjacent overlapping quantifiers like \d+\d+ that lead to quadratic runtime. It is a heuristic linter rather than a formal proof, so it deliberately does not flag safe repetition such as (ab)+ or disjoint alternation like (a|b)+, and it can miss more exotic constructs. Treat a clean result as a good sign, not a guarantee, and always benchmark a suspect pattern against realistic worst-case input.
How to use Regex ReDoS Detector
- 1.Paste the body of a regex (no delimiters or flags) and read the risk level: high means an exponential construct was found, medium means a quadratic one.
- 2.Check each finding's snippet and message to see exactly which part of the pattern is dangerous and why.
- 3.Rewrite a flagged pattern by removing the nested repetition, making alternation branches mutually exclusive, or anchoring the repeat, then re-scan to confirm the risk is gone.
Frequently asked questions
Use via API, SDK, or MCP
cURL# Free: 1,000 req/day · Pro: 10,000 req/day
curl -X POST https://api.utilix.tech/v1/tools/redos-detector \
-H "Authorization: Bearer utx_live_..." \
-H "Content-Type: application/json" \
-d '{"pattern":"(a+)+"}'Get an API key from your dashboard · Full API docs →