Invalid regular expression
Production Risk
Always validate user-supplied regex patterns; catastrophic backtracking is a separate DoS risk.
Raised by the re module when a regular expression pattern is invalid — for example, mismatched parentheses, invalid escape sequences, or quantifiers in invalid positions.
1. Unmatched parentheses: re.compile("(foo")
2. Invalid escape sequence: re.compile("\p") in Python (not supported)
3. Quantifier without atom: re.compile("*foo")
4. Lookbehind with variable width: re.compile("(?<=a+)b")
Compiling a regex with an unmatched parenthesis.
import re
re.compile("(unclosed group")
Expected output
re.error: missing ), unterminated subpattern at position 0
Fix 1
Validate regex patterns from user input
WHEN Accepting regex patterns from users or configuration
import re

def safe_compile(pattern):
    try:
        return re.compile(pattern)
    except re.error as e:
        raise ValueError(f"Invalid regex pattern {pattern!r}: {e}") from e

Why this works
Wrap re.compile() in try/except re.error to give users a clear error message.
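The following is an added example, not code from the original page: it extends the try/except approach into a validator that returns the error message and offset from re.error and covers the four causes listed above. The names check_pattern, PatternCheck, explain and MAX_PATTERN_LEN are hypothetical, and the 256-character cap is an assumed policy value.

```python
import re
import warnings
from dataclasses import dataclass
from typing import Optional

MAX_PATTERN_LEN = 256  # assumed policy limit, not a value from the page


@dataclass
class PatternCheck:
    ok: bool
    message: str
    pos: Optional[int] = None  # offset of the syntax error, if re reports one
    compiled: Optional[re.Pattern] = None


def check_pattern(pattern, max_len=MAX_PATTERN_LEN):
    """Syntax-validate an untrusted pattern. Says nothing about backtracking cost."""
    if not isinstance(pattern, str):
        return PatternCheck(False, "pattern must be a str")
    if len(pattern) > max_len:
        return PatternCheck(False, f"pattern longer than {max_len} characters")
    try:
        with warnings.catch_warnings():
            # Treat warnings re emits while compiling as rejections too.
            warnings.simplefilter("error")
            return PatternCheck(True, "ok", compiled=re.compile(pattern))
    except re.error as e:
        # e.pos is None when re reports no offset for the error.
        return PatternCheck(False, e.msg, pos=e.pos)
    except Warning as w:
        return PatternCheck(False, str(w))


def explain(pattern, check):
    """Render the result, with a caret under the offending offset when known."""
    if check.ok:
        return f"{pattern!r}: ok"
    if check.pos is None:
        return f"{pattern!r}: {check.message}"
    return f"{check.message} at position {check.pos}\n  {pattern}\n  {' ' * check.pos}^"


if __name__ == "__main__":
    # Constructed samples: the four causes listed above, one more, and a valid pattern.
    for p in ["(foo", r"\p", "*foo", "(?<=a+)b", r"\d+(\.\d+", r"\d+\.\d+"]:
        print(explain(p, check_pattern(p)))
```

A pattern that passes this check is only syntactically valid; the backtracking risk mentioned under Production Risk needs a separate control.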
Fix 2
Use raw strings for regex patterns
WHEN Writing regex literals in Python
import re
# Use raw strings (r"") to avoid double-escaping
pattern = re.compile(r"\d+\.\d+")  # matches 3.14
# Without r"", you'd need "\\d+\\.\\d+"
Why this works
Raw strings prevent Python from interpreting backslashes before the regex engine sees them.
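import re
re.compile("(unclosed group")  # re.error: missing )

import re
user_regex = "(unclosed group"  # sample value standing in for user input
try:
    pattern = re.compile(user_regex)
except re.error as e:
    print(f"Invalid regex: {e}")
    # Fallback: the empty pattern matches at the start of any string,
    # so search() and match() always succeed with it.
    pattern = re.compile("")

import re
def safe_compile(pat):
    try:
        return re.compile(pat)
    except re.error as e:
        raise ValueError(f"Invalid pattern {pat!r}: {e}") from e

Python Docs — re module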
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev