TRE Python binding — ReDoS robustness demo

Simon Willison · Simon Willison · 2026-05-04

(No summary yet for this item — extraction summaries are still backfilling.)

Open original ↗

Appears in

Simon Willison Showcases Claude Code as a Rapid Prototyping Agent

Extraction

Topics: redos-attacksregular-expression-enginespython-securityagentic-coding

Claims

The TRE regular expression library is significantly more robust against ReDoS attacks than Python's standard library regex implementation.
TRE's ReDoS resistance stems primarily from its lack of support for backtracking.
Claude Code was used to build an experimental Python binding to TRE via ctypes.
TRE's inclusion in Redis (added by antirez) motivated this deeper exploration of the library.

Key quotes

TRE handles those much better than Python's standard library implementation, thanks mainly to the lack of support for backtracking.

If it's good enough for antirez to add to Redis I figured Ville Laurikari's TRE regular expression engine was worth exploring in a little more detail.