James C. (Jamie) Davis

Results 44 issues of James C. (Jamie) Davis

JASON doesn't work on node version 0.12.7.

```
(11:06:16) jamie@suwarna7-Lenovo-K450e ~ $ node -v
v0.12.7
(11:06:17) jamie@suwarna7-Lenovo-K450e ~ $ npm install JASON
/home/jamie3
└── [email protected]
npm WARN enoent ENOENT, open...
```

Fix the REDOS security vulnerability I disclosed by email.

enhancement

It doesn't look like your scanner checks for regexes vulnerable to catastrophic backtracking (-> REDOS). To do that you could use some tools I built [here](https://github.com/davisjam/vuln-regex-detector). The underlying detectors incur...

feature request

Regular expressions can be vulnerable to [Regular Expression Denial of Service (ReDoS)](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS). Snyk.io has a good [writeup](https://snyk.io/blog/redos-and-catastrophic-backtracking/), and the .NET docs have a thorough treatment as well ([1](https://docs.microsoft.com/en-us/dotnet/standard/base-types/best-practices), [2](https://docs.microsoft.com/en-us/dotnet/standard/base-types/backtracking-in-regular-expressions)). Catastrophic...

A Changeset now includes a message as well as author/committer objects modeled on JGit's PersonIdent. This is a breaking change for anyone who uses ChangeSet's time field. The payoff is...

`GitRepository` has these limits:

```java
private static final int MAX_SIZE_OF_A_DIFF = 100000;
private static final int DEFAULT_MAX_NUMBER_OF_FILES_IN_A_COMMIT = 5000;
```

If you set these values both to 1, you will...

Example: I cloned the popular [libuv](https://github.com/libuv/libuv) library and tried to extract monthly commits. I ended up with 16 commits even though the project has had regular commits since 2011 (expected...

Needs some sections filled in.

At the moment we suppress exceptions thrown by Studies, and some exceptions thrown by CommitVisitors. 1. I think coarse "throw Study exceptions?" and "throw CommitVisitor exceptions?" knobs might be nice....