While doing some static analysis, found that this bit of code is vulnerable to a ReDoS (Regular expression denial-of-service).

https://github.com/nficano/python-lambda/blob/master/aws_lambda/helpers.py#L41

```bash
⛔️ Error on line 41 in https://github.com/nficano/python-lambda/blob/master/aws_lambda/helpers.py#L41

PY033: Inefficient Regular Expression Complexity
The call to 're.search'' with regex pattern 'r"^\${(?P<environment_key_name>\w+)*}$"'' is susceptible to catastrophic backtracking and may cause performance degradation.

  40 if val is not None and isinstance(val, str):
❱ 41 match = re.search(r"^\${(?P<environment_key_name>\w+)*}$", val)
  42 if match is not None:
```

To recreate in a small sample:

```python
import re

val = "${aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!}"
match = re.search(r"^\${(?P<environment_key_name>\w+)*}$", val)
```

Running this code will hang for a very long time. Thus in the original code, if an environment variable is set to "${aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!}" you'll get a similar denial-of-service.

https://docs.securesauce.dev/rules/PY033
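
A linear-time rewrite of the pattern reported above, as an added example that is not part of the original report or the project's own code. The names `SAFE`, `extract_key` and `patterns_agree` and all sample values are assumptions made for illustration.

```python
import re

# Pattern quoted in the report: the repeated group (\w+)* lets the engine split
# a run of word characters in exponentially many ways before it gives up.
VULNERABLE = re.compile(r"^\${(?P<environment_key_name>\w+)*}$")

# Assumed replacement (not the project's fix): an optional group instead of a
# repeated one, so each word character can be consumed in only one way.
SAFE = re.compile(r"^\$\{(?P<environment_key_name>\w+)?\}$")


def extract_key(val, pattern=SAFE):
    """Return (matched, key) for a "${NAME}" style value."""
    if val is None or not isinstance(val, str):
        return (False, None)
    match = pattern.search(val)
    if match is None:
        return (False, None)
    return (True, match.group("environment_key_name"))


# Constructed samples, kept short so the vulnerable pattern still terminates.
SHORT_SAMPLES = [
    "${HOME}", "${}", "${a_1}", "${aaaaaaaa!}",
    "$HOME", "${HOME}x", "plain", "${A}${B}",
]


def patterns_agree(samples=SHORT_SAMPLES):
    """Check that SAFE accepts and captures exactly what VULNERABLE does."""
    return all(
        extract_key(s, VULNERABLE) == extract_key(s, SAFE) for s in samples
    )


# Constructed value with the same shape as the one in the report. It is only
# ever passed to SAFE, which rejects it after a single linear scan.
LONG_VALUE = "${" + "a" * 50 + "!}"

if __name__ == "__main__":
    print("patterns agree on short samples:", patterns_agree())
    print("long value with SAFE pattern:", extract_key(LONG_VALUE))
```
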