vuln-regex-detector cache: server should stick to UNKNOWN if none of the detectors can parse the regex

cache: server should stick to UNKNOWN if none of the detectors can parse the regex

Open davisjam opened this issue 7 years ago • 1 comments

See this regex, for example. None of the state-of-the-art detectors can handle the \b (word boundary). It would be more appropriate for the server to discard than place this in the lookup table.

Apr 05 '18 18:04 davisjam

The code to change is here in validate-uploads.

Apr 05 '18 18:04 davisjam

vuln-regex-detector vuln-regex-detector copied to clipboard

cache: server should stick to UNKNOWN if none of the detectors can parse the regex

vuln-regex-detector
vuln-regex-detector copied to clipboard