Tags: regex, security, frontend, sonarqube, backtracking

My regex can lead to denial of service, but I’m not sure if I should really do something about it

I’m using SonarQube at work to check for vulnerabilities, and Sonar pointed out that my regex is vulnerable to DoS. This is the regex: /^(s+S+s*)(?!s).$/
I went to a ReDoS checker and indeed it is vulnerable, but the attack string they proposed that would damage the app has 38000 characters. On the input in the app, besides this regex, there is also a validator for max length (100), and I couldn’t ruin the app with that 38000-character-long string (maybe I don’t know how).