Suggestion: Detect regexes vulnerable to catastrophic backtracking #105

Open
davisjam opened this issue Apr 9, 2018 · 1 comment

Comments

@davisjam

davisjam commented Apr 9, 2018

It doesn't look like your scanner checks for regexes vulnerable to catastrophic backtracking (-> REDOS).

To do that you could use some tools I built here. The underlying detectors incur dependencies (2 rely on Java, one relies on OCaml).

If dependencies are a problem, I am hosting a server that answers queries, see docs and code here. This requires shipping regexes to my server though.
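A minimal static check of the kind the suggestion above asks for, added here as demonstration code that is not from the project or from the linked detectors: it walks CPython's regex parse tree and flags an unbounded quantifier nested inside another backtracking unbounded quantifier, the shape behind most catastrophic-backtracking reports. It assumes CPython's private parser module (`re._parser` on 3.11+, `sre_parse` on older releases), and a hit is something to review, not proof of exploitability.

```python
try:  # Python 3.11+ keeps the regex parser in a private module
    from re import _parser as sre_parser
except ImportError:  # older releases expose it as sre_parse
    import sre_parse as sre_parser

# Repeats that can backtrack.  Possessive repeats and atomic groups (3.11+)
# give nothing back, so they are walked but never count as an enclosing repeat.
BACKTRACKING = {"MAX_REPEAT", "MIN_REPEAT"}
NON_BACKTRACKING = {"POSSESSIVE_REPEAT", "ATOMIC_GROUP"}


def _subpatterns(arg):
    """Yield every SubPattern inside an opcode argument, whatever its shape."""
    if isinstance(arg, sre_parser.SubPattern):
        yield arg
    elif isinstance(arg, (list, tuple)):
        for item in arg:
            yield from _subpatterns(item)


def _walk(items, inside_unbounded, findings):
    for op, arg in items:
        name = getattr(op, "name", str(op))
        if name in BACKTRACKING:
            lo, hi, body = arg
            unbounded = hi == sre_parser.MAXREPEAT
            if unbounded and inside_unbounded:
                findings.append(f"{{{lo},}} repeat nested inside an unbounded repeat")
            _walk(body, inside_unbounded or unbounded, findings)
        else:
            for sub in _subpatterns(arg):
                _walk(sub, inside_unbounded and name not in NON_BACKTRACKING, findings)


def nested_quantifiers(pattern, flags=0):
    """Findings for one pattern; an empty list means the heuristic saw nothing,
    not that the regex is safe (sequential .*.* is only polynomial, for instance)."""
    findings = []
    _walk(sre_parser.parse(pattern, flags), False, findings)
    return findings


def is_redos_suspect(pattern):
    return bool(nested_quantifiers(pattern))


if __name__ == "__main__":
    # constructed sample patterns: two classic ReDoS shapes, two benign ones
    for p in (r"(a+)+$", r"^(\d+)*x", r"^[a-z]+@[a-z]+\.[a-z]+$", r"(a+){3}"):
        print(f"{p!r}: {nested_quantifiers(p) or 'no nested unbounded repeats'}")
```

A scanner would run `nested_quantifiers` over every regex literal it extracts and report the non-empty results; the hosted detectors mentioned above also catch overlapping-alternation cases this heuristic does not.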

@KevinHock
Collaborator

This is interesting 👍 Thanks for the idea
