"ReDoS防护与正则性能治理最佳实践"

ReDoS防护与正则性能治理最佳实践概述恶意输入可能触发正则回溯爆炸导致拒绝服务。通过安全模式与超时控制、限速与长度约束，可有效防护。安全模式与白名单const safeEmail = /^\S+@\S+\.\S+$/ const safeName = /^[a-zA-Z0-9_\-]{1,50}$/ function validateWithWhitelist(input: string, type: 'email' | 'name'): boolean { const re = type === 'email' ? safeEmail : safeName if (input.length > 256) return false return re.test(input) } 超时控制function regexTestWithTimeout(re: RegExp, input: string, ms: number): boolean { const start = Date.now() const ok = re.test(input) return ok && Date.now() - start < ms } 输入限速与长度约束class RateGate { windowMs: number max: number hits = new Map<string, number[]>() constructor(windowMs: number, max: number) { this.windowMs = windowMs; this.max = max } allow(key: string): boolean { const now = Date.now() const arr = (this.hits.get(key) || []).filter(t => now - t < this.windowMs) if (arr.length >= this.max) return false arr.push(now) this.hits.set(key, arr) return true } } 运维要点使用已知安全模式并限制输入长度与字符集对高风险校验实施超时控制与限速审计超时与拒绝事件，持续优化模式与阈值通过白名单、超时与限速组合，可在后端形成稳健的正则性能治理与ReDoS防线。