regexploit icon indicating copy to clipboard operation
regexploit copied to clipboard

Published 20 hours ago verified publisher icon doyensec

Can't parse atomic groups

Open FilipBruehl opened this issue 3 years ago • 3 comments

I was scanning a bunch of regular expressions with some of them containing atomic groups. Every expression containing an atomic group triggered a parsing error indicating that ?> is an unknown extension. Is this desired behavior by regexploit or will they be supported in further versions?

FilipBruehl avatar Mar 23 '21 10:03 FilipBruehl

Hi, this affects me as well. I would love to see this working.

ihe-nu avatar Apr 06 '21 09:04 ihe-nu

Atomic groups currently aren't supported. I should probably make that explicit in the documentation. Atomic groups are not available in python's regular expression engine but regexploit could add some support for them.

It will be difficult to adapt the heuristic to handle them accurately, but we can start with an approximation of their behaviour with some false positives. Or begin by treating them like non-atomic groups but not causing an error. Not ideal.

While I can imagine some pathological regexes, do you have any real-world examples of ReDoS involving atomic groups?

b-c-ds avatar Apr 06 '21 21:04 b-c-ds

Atomic groups are not available in python's regular expression engine

They are supported from Python 3.11 onwards (scroll down to the (?>...) section), released on Oct 24, 2022.

nth10sd avatar Aug 15 '23 20:08 nth10sd