
Bento check: Catch catastrophic backtracking ReDoS bugs

Blog post from Semgrep

Post Details
Author: Matt Schwager
Word Count: 413
Language: English
Summary

ReDoS (Regular Expression Denial-of-Service) vulnerabilities arise when an inefficient regular expression, typically one with nested quantifiers or mutually inclusive (overlapping) alternation, is fed a specially crafted string that triggers excessive backtracking, potentially consuming enough CPU to deny service to the application. A notable instance caused a global Cloudflare outage in July 2019, traced to a single poorly written WAF rule. To catch these bugs, Bento 0.9 adds a check that identifies inefficient regular expressions in Python projects, using heuristics and program analysis to detect such patterns. Initial runs of the check found ReDoS bugs in several widely used Python projects, including Python's own urllib module, which led to Python bpo-39503 and CVE-2020-8492. Users of Python projects can run Bento to find and fix ReDoS vulnerabilities, improving the security and availability of their applications.
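The nested-quantifier heuristic described above, as an added example rather than Bento's own code: it uses CPython's internal regex parser (re._parser, an undocumented module assumed to be available) to measure how deeply unbounded quantifiers nest, then walks a module's AST for re.* calls with literal patterns. It does not detect the overlapping-alternation form the summary also mentions; the sample source is constructed here.

```python
# Added example (not Bento's code): flag regexes where an unbounded quantifier wraps another, then scan re.* call sites.
import ast
import re
try:                                       # CPython 3.11+ moved the regex parser
    from re import _parser as sre_parse, _constants as sre_constants
except ImportError:                        # older CPython
    import sre_parse, sre_constants
REPEAT_OPS = (sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT)

def _subpatterns(arg):
    """Yield every SubPattern nested inside an opcode argument (groups, branches, repeats)."""
    if isinstance(arg, sre_parse.SubPattern):
        yield arg
    elif isinstance(arg, (tuple, list)):
        for item in arg:
            yield from _subpatterns(item)

def nested_unbounded_depth(pattern):
    """Deepest nesting of unbounded repeats in `pattern`; 2 or more is a ReDoS candidate."""
    def depth(sub):
        best = 0
        for op, arg in sub.data:
            inner = max((depth(child) for child in _subpatterns(arg)), default=0)
            if op in REPEAT_OPS and arg[1] == sre_constants.MAXREPEAT:
                inner += 1                 # this repeat wraps whatever is nested inside
            best = max(best, inner)
        return best
    return depth(sre_parse.parse(pattern))

def find_redos_candidates(source):
    """Return (lineno, pattern) for re.<func>("literal", ...) calls that nest quantifiers."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        f = node.func if isinstance(node, ast.Call) and node.args else None
        if not (isinstance(f, ast.Attribute) and getattr(f.value, "id", None) == "re"):
            continue
        arg0 = node.args[0]
        if isinstance(arg0, ast.Constant) and isinstance(arg0.value, str):
            try:
                if nested_unbounded_depth(arg0.value) >= 2:
                    hits.append((node.lineno, arg0.value))
            except re.error:               # malformed pattern: skip it
                pass
    return hits

# Constructed sample source: parsed with ast, never executed (user_input is undefined).
SAMPLE_SOURCE = r'''TOKEN = re.compile(r"^[A-Za-z0-9_]+$")      # one quantifier: fine
VERSION = re.compile(r"^(\d+\.)*\d+$")      # nested: repeated group holding \d+
re.match(r"^(\w+\s?)*$", user_input)        # nested: classic catastrophic form
OVERLAP = re.compile(r"^(a|aa)+$")          # overlapping alternation: not caught here'''
```

Calling find_redos_candidates(SAMPLE_SOURCE) reports lines 2 and 3; the OVERLAP pattern on line 4 is also a ReDoS risk but needs an alternation-overlap analysis this heuristic does not implement.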