fix(patterns): anchor MP2 regex to prevent catastrophic backtracking

[mimran-khan]

Summary

The first MP2 pattern (Context Window Stuffing) uses a nested structure ((\S)(?!\2).{1,19}?)\1{20,} that is vulnerable to catastrophic backtracking (ReDoS). On non-matching inputs of moderate size (>500 chars), the regex engine explores exponential backtracking paths due to the lazy .{1,19}? quantifier inside a backreference-repeated group.

Changes

• static_patterns_memory_poisoning.py: Replace the vulnerable pattern with (.{2,20}?)\1{20,} which detects repeated substrings without the expensive negative lookahead inside a repeated group.
• New test file: tests/nodes/analyzers/test_mp2_regex_backtracking.py — validates both correct detection of repeated content and bounded execution time on adversarial inputs.

Before / After

# Before — exponential backtracking on non-matching input
(r"((\S)(?!\2).{1,19}?)\1{20,}", 0.8)

# After — linear-time matching, same detection capability
(r"(.{2,20}?)\1{20,}", 0.8)

Testing

• 6 new tests: 3 for correct detection, 3 for bounded execution time
• Full test suite passes (775 tests, excluding pre-existing upstream issue in test_llm_utils.py)

Fixes #151

[keshprad]

Requesting changes for the lint failure and the MP2 repeated-token false negative.

[keshprad]

make lint currently fails here because signal and sys are imported but unused (ruff F401). Please remove these imports before merge.

[keshprad]

Pls also run make lint to verify any other fixes needed

[keshprad]

This filter seems broader than the intended markdown-separator suppression. Because it calls captured.strip() before counting unique characters, repeated whitespace-bearing stuffing like "x " * 30 is skipped as a single-character repetition, creating a false negative for MP2. Could we keep suppressing separators such as "=" * 80 without dropping repeated tokens that include spaces?

[rng1995]

Re-review

The ReDoS fix itself is correct — replacing ((\S)(?!\2).{1,19}?)\1{20,} with (.{2,20}?)\1{20,} removes the catastrophic-backtracking vector while preserving repeated-substring detection, and the bounded-time tests are a good addition.

However, the two items @keshprad raised are still open — no new commit has been pushed since that review (head is still d74083c2), so I'm keeping this at request changes:

1. Lint break (ruff F401). tests/nodes/analyzers/test_mp2_regex_backtracking.py still imports signal and sys (top of file) but never uses them — make lint will fail. Please remove them.
2. MP2 false negative from the new suppression filter. In static_patterns_memory_poisoning.py:

   if len(set(captured.strip())) <= 1:
       continue

   Calling .strip() before counting unique characters means space-bearing stuffing such as "x " * 30 reduces to a single unique char ({"x"}) and is skipped — a genuine context-stuffing payload would be missed. Consider suppressing only true single-character separators (e.g. "=" * 80) without stripping interior whitespace, so repeated multi-char tokens that include spaces are still caught.

[rng1995]

Re-review — both items from @keshprad's review are still open

I took a fresh look. The head is unchanged since @keshprad's review (d74083c2) and no new commit has been pushed to address the two blocking points, so I'm re-requesting changes to keep them tracked. Full credit to @keshprad for the original findings.

The core ReDoS fix is good — anchoring to (.{2,20}?)\1{20,} removes the nested negative-lookahead-inside-a-backreference-repeat and gives linear-time matching with equivalent detection. No concern there.

1. Lint failure (ruff F401). tests/nodes/analyzers/test_mp2_regex_backtracking.py still has unused imports:

import signal
import sys

Neither is referenced anywhere in the file, so make lint fails. Please remove them (and run make lint to catch anything else).

2. MP2 false negative from the new suppression filter. In static_patterns_memory_poisoning.py:

captured = match.group(1) if match.lastindex else match.group(0)
if len(set(captured.strip())) <= 1:
    continue

Calling .strip() before counting unique characters means space-bearing stuffing like "x " * 30 collapses to a single unique character ({"x"}) and is skipped — a genuine context-window-stuffing payload is then missed. The intent (suppressing separators like "=" * 80) is reasonable, but the filter shouldn't discard repeated tokens that legitimately include whitespace. Consider counting uniqueness on the captured unit without stripping interior spaces.

Happy to re-approve once the lint break and the strip-based false negative are addressed.

[mimran-khan]

Both issues addressed:

1. Lint fixed — removed unused signal and sys imports from test_mp2_regex_backtracking.py. ruff check passes clean.

2. Whitespace-bearing stuffing false negative fixed — replaced len(set(captured.strip())) <= 1 with a whitespace-aware check: we now compute unique non-whitespace chars and only suppress when both (a) there's at most one unique non-whitespace char AND (b) no interior whitespace is present. This means:

   • "=" * 80 → suppressed ✓ (single non-ws char, no spaces)
   • "x " * 30 → detected ✓ (single non-ws char, but has interior whitespace = genuine stuffing)
   • "ab" * 30 → detected ✓ (multiple non-ws chars)

3. Tests added: test_separator_line_not_detected (separators suppressed) and test_whitespace_bearing_stuffing_detected (space-bearing payloads not suppressed).

Branch rebased on latest main.