@angular-helpers/security 21.0.0

package/README.md

@@ -0,0 +1,380 @@
+[English](README.en.md) | [Español](README.md)
+
+# Angular Security Helpers
+
+Security package for Angular applications that prevents common attacks like ReDoS (Regular Expression Denial of Service) using Web Workers for safe execution.
+
+## 🛡️ Features
+
+### **ReDoS Prevention**
+- **Web Worker Execution**: Regular expressions are executed in a separate thread.
+- **Configurable Timeout**: Prevents infinite executions.
+- **Complexity Analysis**: Detects dangerous patterns before execution.
+- **Safe Mode**: Only allows patterns verified as safe.
+
+### **Builder Pattern**
+- **Fluent API**: Intuitively build regular expressions.
+- **Method Chaining**: `.pattern().group().quantifier()`
+- **Real-time Validation**: Security analysis during construction.
+
+## 📦 Installation
+
+```bash
+npm install @angular-helpers/security
+```
+
+## 🚀 Basic Usage
+
+### **Configuration**
+
+```typescript
+import { provideSecurity } from '@angular-helpers/security';
+
+bootstrapApplication(AppComponent, {
+  providers: [
+    provideSecurity({
+      enableRegexSecurity: true,
+      defaultTimeout: 5000,
+      safeMode: false
+    })
+  ]
+});
+```
+
+### **Service Injection**
+
+```typescript
+import { RegexSecurityService } from '@angular-helpers/security';
+
+@Component({...})
+export class MyComponent {
+  constructor(private regexSecurity: RegexSecurityService) {}
+}
+```
+
+## 📖 Usage Examples
+
+### **1. Basic Regular Expression Test**
+
+```typescript
+async testEmail(email: string): Promise<boolean> {
+  const result = await this.regexSecurity.testRegex(
+    '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$',
+    email,
+    { timeout: 3000 }
+  );
+  
+  return result.match;
+}
+```
+
+### **2. Builder Pattern**
+
+```typescript
+import { RegexSecurityBuilder } from '@angular-helpers/security';
+
+// Fluent regular expression construction
+const emailRegex = RegexSecurityBuilder
+  .builder()
+  .startOfLine()
+  .characterSet('a-zA-Z0-9._%+-')
+  .quantifier('+')
+  .append('@')
+  .characterSet('a-zA-Z0-9.-')
+  .quantifier('+')
+  .append('\\.')
+  .characterSet('a-zA-Z')
+  .quantifier('{2,}')
+  .endOfLine()
+  .timeout(5000)
+  .safeMode()
+  .build();
+
+// Direct execution
+const result = await RegexSecurityBuilder
+  .builder()
+  .pattern('^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$')
+  .timeout(3000)
+  .execute(email, this.regexSecurity);
+```
+
+### **3. Security Analysis**
+
+```typescript
+async analyzePattern(pattern: string): Promise<void> {
+  const analysis = await this.regexSecurity.analyzePatternSecurity(pattern);
+  
+  if (!analysis.safe) {
+    console.warn('⚠️ Pattern not safe:', analysis.warnings);
+    console.info('💡 Recommendations:', analysis.recommendations);
+    
+    if (analysis.risk === 'critical') {
+      throw new Error('Pattern rejected due to critical security risk');
+    }
+  }
+  
+  console.log(`✅ Pattern complexity: ${analysis.complexity}`);
+  console.log(`🎯 Risk level: ${analysis.risk}`);
+}
+```
+
+### **4. Form Validation**
+
+```typescript
+@Component({...})
+export class FormValidationComponent {
+  constructor(private regexSecurity: RegexSecurityService) {}
+  
+  async validateUsername(username: string): Promise<boolean> {
+    const result = await this.regexSecurity.testRegex(
+      '^[a-zA-Z0-9_]{3,20}$',
+      username,
+      { timeout: 1000, safeMode: true }
+    );
+    
+    if (result.timeout) {
+      throw new Error('Username validation timeout - possible ReDoS attack');
+    }
+    
+    if (result.error) {
+      console.error('Validation error:', result.error);
+      return false;
+    }
+    
+    return result.match;
+  }
+  
+  async validateComplexInput(input: string): Promise<boolean> {
+    // Builder pattern for complex validation
+    const result = await RegexSecurityBuilder
+      .builder()
+      .startOfLine()
+      .nonCapturingGroup('[a-zA-Z]') // First letter
+      .characterSet('a-zA-Z0-9_') // Allowed characters
+      .quantifier('{2,19}') // Between 3 and 20 characters total
+      .endOfLine()
+      .timeout(2000)
+      .execute(input, this.regexSecurity);
+    
+    return result.match;
+  }
+}
+```
+
+## 🔧 Advanced Configuration
+
+### **Security Options**
+
+```typescript
+interface RegexSecurityConfig {
+  timeout?: number;        // Timeout in ms (default: 5000)
+  maxComplexity?: number;  // Max complexity (default: 10)
+  allowBacktracking?: boolean; // Allow backtracking (default: false)
+  safeMode?: boolean;      // Safe mode (default: false)
+}
+```
+
+### **Builder Options**
+
+```typescript
+interface RegexBuilderOptions {
+  global?: boolean;      // 'g' flag
+  ignoreCase?: boolean;  // 'i' flag
+  multiline?: boolean;   // 'm' flag
+  dotAll?: boolean;      // 's' flag
+  unicode?: boolean;     // 'u' flag
+  sticky?: boolean;      // 'y' flag
+}
+```
+
+## 🛡️ Security Features
+
+### **Dangerous Pattern Detection**
+
+The service automatically detects:
+
+- **Nested quantifiers**: `**`, `++` (catastrophic backtracking)
+- **Lookaheads/lookbehinds**: `(?=)`, `(?!)`, `(?<=)`, `(?<!)`
+- **Atomic groups**: `(?>)`
+- **Recursive patterns**: Deeply nested groups
+- **Complex quantifiers**: `{n,m}` with high values
+- **Greedy wildcards**: `.*`, `.+` with variable characters
+
+### **Risk Levels**
+
+- **🟢 Low**: Simple and safe patterns
+- **🟡 Medium**: Patterns with lookahead/lookbehind
+- **🟠 High**: Patterns with complex quantifiers
+- **🔴 Critical**: Patterns with catastrophic backtracking
+
+### **Attack Prevention**
+
+- **Timeout**: Stops execution after the time limit
+- **Web Worker**: Isolates execution from the main thread
+- **Pre-analysis**: Rejects dangerous patterns before execution
+- **Match limit**: Prevents infinite loops
+
+## 📊 Metrics and Monitoring
+
+### **Execution Results**
+
+```typescript
+interface RegexTestResult {
+  match: boolean;           // If there was a match
+  matches?: RegExpMatchArray[]; // All matches found
+  groups?: { [key: string]: string }; // Captured groups
+  executionTime: number;    // Execution time in ms
+  timeout: boolean;         // If there was a timeout
+  error?: string;          // Error if one occurred
+}
+```
+
+### **Security Analysis**
+
+```typescript
+interface RegexSecurityResult {
+  safe: boolean;           // If the pattern is safe
+  complexity: number;      // Complexity level (0-∞)
+  risk: 'low' | 'medium' | 'high' | 'critical';
+  warnings: string[];      // Security warnings
+  recommendations: string[]; // Improvement recommendations
+}
+```
+
+## 🔄 Form Integration
+
+### **Angular Validators**
+
+```typescript
+import { AbstractControl, ValidationErrors } from '@angular/forms';
+
+export class SecurityValidators {
+  constructor(private regexSecurity: RegexSecurityService) {}
+  
+  async securePattern(pattern: string, config?: RegexSecurityConfig) {
+    return async (control: AbstractControl): Promise<ValidationErrors | null> => {
+      const value = control.value;
+      
+      if (!value) return null;
+      
+      try {
+        const result = await this.regexSecurity.testRegex(pattern, value, config);
+        
+        if (!result.match) {
+          return { securePattern: { value, reason: 'Pattern does not match' } };
+        }
+        
+        if (result.timeout) {
+          return { securePattern: { value, reason: 'Pattern execution timeout' } };
+        }
+        
+        return null;
+      } catch (error) {
+        return { securePattern: { value, reason: error.message } };
+      }
+    };
+  }
+}
+```
+
+### **Usage in Template Forms**
+
+```typescript
+@Component({...})
+export class SecureFormComponent {
+  constructor(
+    private regexSecurity: RegexSecurityService,
+    private securityValidators: SecurityValidators
+  ) {}
+  
+  emailValidator = this.securityValidators.securePattern(
+    '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$',
+    { timeout: 3000, safeMode: true }
+  );
+}
+```
+
+## 🚨 Best Practices
+
+### **1. Use Safe Mode in Production**
+
+```typescript
+// In production, always use safeMode
+const config = { safeMode: true, timeout: 3000 };
+```
+
+### **2. Appropriate Timeout**
+
+```typescript
+// For form validations: 1-3 seconds
+// For text processing: 5-10 seconds
+// Never more than 30 seconds
+```
+
+### **3. Pre-analysis**
+
+```typescript
+// Always analyze user-provided patterns
+const analysis = await this.regexSecurity.analyzePatternSecurity(pattern);
+if (!analysis.safe) {
+  // Consider using a safer alternative pattern
+}
+```
+
+### **4. Error Handling**
+
+```typescript
+try {
+  const result = await this.regexSecurity.testRegex(pattern, text, config);
+  // Process result
+} catch (error) {
+  // Handle error safely
+  console.error('Regex security error:', error);
+  // Fallback to a simpler validation
+}
+```
+
+## 🔍 Debugging
+
+### **Security Logging**
+
+The service includes automatic logging:
+
+```typescript
+// Enables detailed logging
+console.log('Regex security initialized');
+console.log('Pattern analysis completed:', analysis);
+console.log('Pattern execution completed:', result);
+```
+
+### **Performance Monitoring**
+
+```typescript
+// Monitor execution times
+if (result.executionTime > 1000) {
+  console.warn('Slow regex pattern:', pattern, result.executionTime + 'ms');
+}
+```
+
+## 📝 License
+
+MIT License - see the LICENSE file for details.
+
+## 🤝 Contributions
+
+Contributions are welcome. Please:
+
+1. Create an issue to discuss changes
+2. Fork the repository
+3. Create a feature branch
+4. Send a pull request
+
+## 📚 Additional Resources
+
+- [OWASP Regular Expression Denial of Service](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
+- [MDN Web Workers](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API)
+- [Angular Security Best Practices](https://angular.io/guide/security)
+
+---
+
+**⚠️ Warning**: This package helps prevent ReDoS but does not replace other security practices. Always validate and sanitize user inputs.

package/ng-package.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "../../node_modules/ng-packagr/ng-package.schema.json",
+  "lib": {
+    "entryFile": "src/index.ts"
+  },
+  "dest": "../../dist/security"
+}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@angular-helpers/security",
+  "version": "21.0.0",
+  "description": "Angular security helpers for preventing ReDoS and other security vulnerabilities",
+  "keywords": [
+    "angular",
+    "security",
+    "regex",
+    "redos",
+    "prevention",
+    "web-worker",
+    "builder-pattern"
+  ],
+  "author": "Angular Helpers Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/angular-helpers/security"
+  },
+  "bugs": {
+    "url": "https://github.com/angular-helpers/security/issues"
+  },
+  "homepage": "https://github.com/angular-helpers/security#readme",
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "ng-packagr -p ng-package.json"
+  },
+  "peerDependencies": {
+    "@angular/common": "^21.0.0",
+    "@angular/core": "^21.0.0",
+    "@angular-helpers/browser-web-apis": "21.0.0",
+    "rxjs": "^7.0.0 || ^8.0.0",
+    "tslib": "^2.0.0"
+  },
+  "dependencies": {
+    "tslib": "^2.0.0"
+  },
+  "ngPackage": {
+    "lib": {
+      "entryFile": "src/index.ts"
+    },
+    "dest": "../../dist/security",
+    "allowedNonPeerDependencies": [
+      "tslib"
+    ]
+  }
+}

package/src/index.ts

@@ -0,0 +1 @@
+export * from './services/regex-security.service';

package/src/interfaces/security.interface.ts

@@ -0,0 +1,32 @@
+export interface RegexSecurityConfig {
+  timeout?: number; // Timeout en milisegundos (default: 5000)
+  maxComplexity?: number; // Máxima complejidad permitida
+  allowBacktracking?: boolean; // Permitir backtracking catastrófico
+  safeMode?: boolean; // Modo seguro solo con patrones seguros
+}
+
+export interface RegexTestResult {
+  match: boolean;
+  matches?: RegExpMatchArray[];
+  groups?: { [key: string]: string };
+  executionTime: number;
+  timeout: boolean;
+  error?: string;
+}
+
+export interface RegexSecurityResult {
+  safe: boolean;
+  complexity: number;
+  risk: 'low' | 'medium' | 'high' | 'critical';
+  warnings: string[];
+  recommendations: string[];
+}
+
+export interface RegexBuilderOptions {
+  global?: boolean;
+  ignoreCase?: boolean;
+  multiline?: boolean;
+  dotAll?: boolean;
+  unicode?: boolean;
+  sticky?: boolean;
+}

package/src/providers.ts

@@ -0,0 +1,29 @@
+import { makeEnvironmentProviders, EnvironmentProviders } from '@angular/core';
+import { RegexSecurityService } from './services/regex-security.service';
+
+export interface SecurityConfig {
+  enableRegexSecurity?: boolean;
+  defaultTimeout?: number;
+  safeMode?: boolean;
+}
+
+export const defaultSecurityConfig: SecurityConfig = {
+  enableRegexSecurity: true,
+  defaultTimeout: 5000,
+  safeMode: false
+};
+
+export function provideSecurity(config: SecurityConfig = {}): EnvironmentProviders {
+  const mergedConfig = { ...defaultSecurityConfig, ...config };
+  const providers = [];
+  
+  if (mergedConfig.enableRegexSecurity) {
+    providers.push(RegexSecurityService);
+  }
+  
+  return makeEnvironmentProviders(providers);
+}
+
+export function provideRegexSecurity(): EnvironmentProviders {
+  return makeEnvironmentProviders([RegexSecurityService]);
+}

package/src/services/regex-security.service.ts

@@ -0,0 +1,487 @@
+import { Injectable, inject, DestroyRef } from '@angular/core';
+import { Observable, Subject } from 'rxjs';
+import { map, catchError, timeout } from 'rxjs/operators';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+
+export interface RegexSecurityConfig {
+  timeout?: number; // Timeout in milliseconds (default: 5000)
+  maxComplexity?: number; // Maximum complexity allowed
+  allowBacktracking?: boolean; // Allow catastrophic backtracking
+  safeMode?: boolean; // Safe mode with secure patterns only
+}
+
+export interface RegexTestResult {
+  match: boolean;
+  matches?: RegExpMatchArray[];
+  groups?: { [key: string]: string };
+  executionTime: number;
+  timeout: boolean;
+  error?: string;
+}
+
+export interface RegexSecurityResult {
+  safe: boolean;
+  complexity: number;
+  risk: 'low' | 'medium' | 'high' | 'critical';
+  warnings: string[];
+  recommendations: string[];
+}
+
+export interface RegexBuilderOptions {
+  global?: boolean;
+  ignoreCase?: boolean;
+  multiline?: boolean;
+  dotAll?: boolean;
+  unicode?: boolean;
+  sticky?: boolean;
+}
+
+/**
+ * Security service for regular expressions that prevents ReDoS
+ * using Web Workers for safe execution with timeout
+ */
+@Injectable()
+export class RegexSecurityService {
+  private destroyRef = inject(DestroyRef);
+  private workers = new Map<string, Worker>();
+
+  /**
+   * Builder pattern to construct safe regular expressions
+   */
+  static builder(): RegexSecurityBuilder {
+    return new RegexSecurityBuilder();
+  }
+
+  /**
+   * Executes a regular expression safely with a timeout
+   */
+  async testRegex(
+    pattern: string,
+    text: string,
+    config: RegexSecurityConfig = {}
+  ): Promise<RegexTestResult> {
+    const startTime = performance.now();
+    const finalConfig = this.mergeConfig(config);
+
+    try {
+      // First, analyze pattern security
+      const securityCheck = await this.analyzePatternSecurity(pattern);
+      
+      if (!securityCheck.safe && !finalConfig.safeMode) {
+        return {
+          match: false,
+          executionTime: performance.now() - startTime,
+          timeout: false,
+          error: `Pattern rejected: ${securityCheck.warnings.join(', ')}`
+        };
+      }
+
+      // Execute in Web Worker with timeout
+      const result = await this.executeInWorker(pattern, text, finalConfig);
+      
+      return {
+        ...result,
+        executionTime: performance.now() - startTime
+      };
+    } catch (error) {
+      return {
+        match: false,
+        executionTime: performance.now() - startTime,
+        timeout: false,
+        error: error instanceof Error ? error.message : 'Unknown error'
+      };
+    }
+  }
+
+  /**
+   * Analyzes the security of a regular expression pattern
+   */
+  async analyzePatternSecurity(pattern: string): Promise<RegexSecurityResult> {
+    const warnings: string[] = [];
+    const recommendations: string[] = [];
+    let complexity = 0;
+    let risk: 'low' | 'medium' | 'high' | 'critical' = 'low';
+
+    // Analysis of dangerous patterns
+    const dangerousPatterns = [
+      { pattern: /\*\*/, risk: 'high' as const, message: 'Nested quantifiers (catastrophic backtracking)' },
+      { pattern: /\+\+/, risk: 'high' as const, message: 'Nested plus quantifiers' },
+      { pattern: /\(\?\=/, risk: 'medium' as const, message: 'Lookahead assertions' },
+      { pattern: /\(\?\!/, risk: 'medium' as const, message: 'Negative lookahead' },
+      { pattern: /\(\?\:/, risk: 'low' as const, message: 'Non-capturing groups' },
+      { pattern: /\(\?\</, risk: 'high' as const, message: 'Lookbehind assertions' },
+      { pattern: /\(\?\(\?\)/, risk: 'critical' as const, message: 'Recursive patterns' },
+      { pattern: /(\{(\d+,)?\d+\})/, risk: 'medium' as const, message: 'Quantified repetition' },
+      { pattern: /(\.\*)|(\.+)|(\.\?)/, risk: 'medium' as const, message: 'Greedy quantifiers with dot' },
+      { pattern: /(\[.*\*.*\])|(\[.*\+.*\])/, risk: 'medium' as const, message: 'Character classes with quantifiers' }
+    ];
+
+    // Calculate complexity
+    complexity = this.calculateComplexity(pattern);
+
+    // Evaluate dangerous patterns
+    for (const dangerous of dangerousPatterns) {
+      if (dangerous.pattern.test(pattern)) {
+        warnings.push(dangerous.message);
+        if (this.getRiskLevel(dangerous.risk) > this.getRiskLevel(risk)) {
+          risk = dangerous.risk;
+        }
+      }
+    }
+
+    // Recommendations based on the analysis
+    if (complexity > 10) {
+      recommendations.push('Consider simplifying the pattern');
+      risk = this.getRiskLevel(risk) > this.getRiskLevel('high') ? risk : 'high';
+    }
+
+    if (pattern.includes('**') || pattern.includes('++')) {
+      recommendations.push('Avoid nested quantifiers to prevent catastrophic backtracking');
+    }
+
+    if (pattern.length > 100) {
+      recommendations.push('Long patterns are harder to maintain and may impact performance');
+    }
+
+    const safe = risk !== 'critical' && warnings.length === 0;
+
+    return {
+      safe,
+      complexity,
+      risk,
+      warnings,
+      recommendations
+    };
+  }
+
+  /**
+   * Executes the regular expression in a Web Worker
+   */
+  private async executeInWorker(
+    pattern: string,
+    text: string,
+    config: RegexSecurityConfig
+  ): Promise<RegexTestResult> {
+    return new Promise((resolve) => {
+      const workerName = `regex-worker-${Date.now()}`;
+      
+      try {
+        // Create temporary worker
+        const workerCode = this.generateWorkerCode();
+        const blob = new Blob([workerCode], { type: 'application/javascript' });
+        const worker = new Worker(URL.createObjectURL(blob));
+        
+        this.workers.set(workerName, worker);
+
+        const taskId = `regex_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+        
+        const task = {
+          id: taskId,
+          type: 'regex-test',
+          data: {
+            pattern,
+            text,
+            timeout: config.timeout || 5000
+          }
+        };
+
+        // Timeout for execution
+        const timeoutId = setTimeout(() => {
+          worker.terminate();
+          this.workers.delete(workerName);
+          resolve({
+            match: false,
+            executionTime: 0,
+            timeout: true,
+            error: 'Execution timeout'
+          });
+        }, config.timeout || 5000);
+
+        worker.onmessage = (event) => {
+          clearTimeout(timeoutId);
+          worker.terminate();
+          this.workers.delete(workerName);
+          
+          if (event.data.id === taskId) {
+            resolve(event.data.data as RegexTestResult);
+          }
+        };
+
+        worker.onerror = (error) => {
+          clearTimeout(timeoutId);
+          worker.terminate();
+          this.workers.delete(workerName);
+          resolve({
+            match: false,
+            executionTime: 0,
+            timeout: false,
+            error: `Worker error: ${error.message || 'Unknown error'}`
+          });
+        };
+
+        worker.postMessage(task);
+      } catch (error) {
+        resolve({
+          match: false,
+          executionTime: 0,
+          timeout: false,
+          error: `Failed to create worker: ${error instanceof Error ? error.message : 'Unknown error'}`
+        });
+      }
+    });
+  }
+
+  /**
+   * Generates the Web Worker code
+   */
+  private generateWorkerCode(): string {
+    return `
+      self.addEventListener('message', function(event) {
+        const task = event.data;
+        
+        if (task.type === 'regex-test') {
+          const { pattern, text, timeout } = task.data;
+          const startTime = performance.now();
+          
+          try {
+            const regex = new RegExp(pattern, 'g');
+            const matches = [];
+            let match;
+            
+            while ((match = regex.exec(text)) !== null) {
+              matches.push([...match]);
+              
+              // Prevention of infinite loops
+              if (matches.length > 1000) {
+                throw new Error('Too many matches - possible infinite loop');
+              }
+            }
+            
+            const groups = {};
+            if (matches.length > 0) {
+              const firstMatch = matches[0];
+              for (let i = 1; i < firstMatch.length; i++) {
+                groups[\`group\${i}\`] = firstMatch[i];
+              }
+            }
+            
+            self.postMessage({
+              id: task.id,
+              type: 'regex-result',
+              data: {
+                match: matches.length > 0,
+                matches,
+                groups,
+                executionTime: performance.now() - startTime,
+                timeout: false
+              }
+            });
+          } catch (error) {
+            self.postMessage({
+              id: task.id,
+              type: 'regex-result',
+              data: {
+                match: false,
+                executionTime: performance.now() - startTime,
+                timeout: false,
+                error: error.message || 'Execution error'
+              }
+            });
+          }
+        }
+      });
+    `;
+  }
+
+  /**
+   * Calculates the complexity of a pattern
+   */
+  private calculateComplexity(pattern: string): number {
+    let complexity = 0;
+    
+    // Nested quantifiers increase complexity
+    complexity += (pattern.match(/\*\*/g) || []).length * 5;
+    complexity += (pattern.match(/\+\+/g) || []).length * 5;
+    complexity += (pattern.match(/\?\?/g) || []).length * 3;
+    
+    // Lookaheads/lookbehinds
+    complexity += (pattern.match(/\(\?\=/g) || []).length * 2;
+    complexity += (pattern.match(/\(\?\!/g) || []).length * 2;
+    complexity += (pattern.match(/\(\?\</g) || []).length * 3;
+    
+    // Nested groups
+    const openParens = (pattern.match(/\(/g) || []).length;
+    complexity += openParens * 0.5;
+    
+    // Pattern length
+    complexity += pattern.length * 0.01;
+    
+    return Math.round(complexity * 100) / 100;
+  }
+
+  /**
+   * Gets numeric risk level
+   */
+  private getRiskLevel(risk: 'low' | 'medium' | 'high' | 'critical'): number {
+    const levels = { 'low': 1, 'medium': 2, 'high': 3, 'critical': 4 };
+    return levels[risk] || 0;
+  }
+
+  /**
+   * Merges configuration with default values
+   */
+  private mergeConfig(config: RegexSecurityConfig): Required<RegexSecurityConfig> {
+    return {
+      timeout: config.timeout || 5000,
+      maxComplexity: config.maxComplexity || 10,
+      allowBacktracking: config.allowBacktracking || false,
+      safeMode: config.safeMode || false
+    };
+  }
+
+  /**
+   * Cleans up resources when the service is destroyed
+   */
+  ngOnDestroy(): void {
+    this.workers.forEach(worker => {
+      worker.terminate();
+    });
+    this.workers.clear();
+  }
+}
+
+/**
+ * Builder pattern to construct safe regular expressions
+ */
+export class RegexSecurityBuilder {
+  private patternValue: string = '';
+  private optionsValue: RegexBuilderOptions = {};
+  private securityConfigValue: RegexSecurityConfig = {};
+
+  /**
+   * Defines the base pattern
+   */
+  pattern(pattern: string): RegexSecurityBuilder {
+    this.patternValue = pattern;
+    return this;
+  }
+
+  /**
+   * Appends text to the current pattern
+   */
+  append(text: string): RegexSecurityBuilder {
+    this.patternValue += text;
+    return this;
+  }
+
+  /**
+   * Adds a capturing group
+   */
+  group(content: string, name?: string): RegexSecurityBuilder {
+    if (name) {
+      this.patternValue += `(?<${name}>${content})`;
+    } else {
+      this.patternValue += `(${content})`;
+    }
+    return this;
+  }
+
+  /**
+   * Adds a non-capturing group
+   */
+  nonCapturingGroup(content: string): RegexSecurityBuilder {
+    this.patternValue += `(?:${content})`;
+    return this;
+  }
+
+  /**
+   * Adds an alternative
+   */
+  or(alternative: string): RegexSecurityBuilder {
+    this.patternValue += `|${alternative}`;
+    return this;
+  }
+
+  /**
+   * Adds a quantifier
+   */
+  quantifier(quantifier: '*' | '+' | '?' | '{n}' | '{n,}' | '{n,m}'): RegexSecurityBuilder {
+    this.patternValue += quantifier;
+    return this;
+  }
+
+  /**
+   * Adds a character set
+   */
+  characterSet(chars: string, negate = false): RegexSecurityBuilder {
+    this.patternValue += `[${negate ? '^' : ''}${chars}]`;
+    return this;
+  }
+
+  /**
+   * Adds a start of line anchor
+   */
+  startOfLine(): RegexSecurityBuilder {
+    this.patternValue += '^';
+    return this;
+  }
+
+  /**
+   * Adds an end of line anchor
+   */
+  endOfLine(): RegexSecurityBuilder {
+    this.patternValue += '$';
+    return this;
+  }
+
+  /**
+   * Configures regular expression options
+   */
+  options(options: RegexBuilderOptions): RegexSecurityBuilder {
+    this.optionsValue = { ...this.optionsValue, ...options };
+    return this;
+  }
+
+  /**
+   * Configures security options
+   */
+  security(config: RegexSecurityConfig): RegexSecurityBuilder {
+    this.securityConfigValue = { ...this.securityConfigValue, ...config };
+    return this;
+  }
+
+  /**
+   * Configures timeout
+   */
+  timeout(ms: number): RegexSecurityBuilder {
+    this.securityConfigValue.timeout = ms;
+    return this;
+  }
+
+  /**
+   * Activates safe mode
+   */
+  safeMode(): RegexSecurityBuilder {
+    this.securityConfigValue.safeMode = true;
+    return this;
+  }
+
+  /**
+   * Builds the final regular expression
+   */
+  build(): { pattern: string; options: RegexBuilderOptions; security: RegexSecurityConfig } {
+    return {
+      pattern: this.patternValue,
+      options: this.optionsValue,
+      security: this.securityConfigValue
+    };
+  }
+
+  /**
+   * Builds and executes the regular expression
+   */
+  async execute(text: string, service: RegexSecurityService): Promise<RegexTestResult> {
+    const { pattern, security } = this.build();
+    return service.testRegex(pattern, text, security);
+  }
+}