vuln-regex-detector
vuln-regex-detector copied to clipboard
davisjam
Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
Trying the examples at https://www.npmjs.com/package/vuln-regex-detector#example we see it take a long time (more than 2 minutes) in `.testSync()` and `.test()` throws an error with reason `INVALID`. Is this expected? ...
Using the example code here: https://www.npmjs.com/package/vuln-regex-detector ``` /c/dev/tmp/safe $ node . (node:12616) UnhandledPromiseRejectionWarning: INVALID (node:12616) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function...
OS: Ubuntu 20.04 I cloned the repository and set the environment variable `VULN_REGEX_DETECTOR_ROOT` to the repo root and I also ran the `configure` script. Then, I try to run the...
OS: Windows 10 When I try to build Docker image I get following error: `docker build -t vuln-regex-detector .` ``` [+] Building 6.3s (10/10) FINISHED => [internal] load build definition...
Bumps [junit](https://github.com/junit-team/junit4) from 4.11 to 4.13.1. Release notes Sourced from junit's releases. JUnit 4.13.1 Please refer to the release notes for details. JUnit 4.13 Please refer to the release notes...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
[kk@lfgphicprd07444 ~]$ perl check-regex.pl test/check-regex/unsafe-1.json Can't locate JSON/PP.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at check-regex.pl line 11. BEGIN failed--compilation aborted at check-regex.pl line 11.
Node.js?
I saw in your fork of `safe-regex` that you recommend this project instead. But is it designed to work on Node regular expressions? And in any case, maybe we should...
For example: "^\d+": SAFE "^\d+:": INVALID "^\d+z": INVALID "(a+)+$": VULNERABLE "(b+)+$": INVALID "x": INVALID
I have been unable to get the client to work initially, because every call to "test()" came back with "INVALID". The cause turned out to be this: { "code": "CERT_HAS_EXPIRED"...