email-validator

The regex failed vulnerability check?

Open: xiuqingli opened this issue 5 years ago • 1 comment

I did a vulnerability test of the regex.

  1. It failed in https://www.npmjs.com/package/safe-regex
  2. 'Invalid' in https://www.npmjs.com/package/vuln-regex-detector. I don't know why it's invalid, will follow up.

Should I worry about the vulnerability of the regex used in the package?

Thanks!

xiuqingli, Jan 20 '20 16:01

It's a bit late to reply, but I found that

  1. safe-regex gives a false positive on this regex because it has nested repetitions, while it is actually safe.
  2. vuln-regex-detector reports everything as invalid as the server is down (davisjam/vuln-regex-detector#72). Doing real testing by executing the Perl script directly reports the regex as safe.

Disclaimer: I'm not a security expert.

Alan-Liang, Feb 20 '21 08:02
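
The distinction drawn in the reply above, as an added example that is not part of the thread or of the email-validator package: a simplified star-height check (the kind of heuristic safe-regex documents, not its actual code) flags both patterns below, yet only one of them backtracks exponentially on a non-matching input. `EVIL`, `SAFE`, `starHeight` and `timeMs` are hypothetical names, and both patterns are constructed; neither is the package's regex.

```javascript
// Added example: star-height heuristic versus measured backtracking (Node.js).
// Both patterns are constructed; neither is the email-validator regex.
const EVIL = /^(a+)+$/;                // inner and outer + can split the same text many ways
const SAFE = /^(?:[a-z]+\.)+[a-z]+$/;  // nested +, but a literal '.' ends each iteration

// Deepest nesting of unbounded quantifiers (*, +, {n,}) in a regex source.
function starHeight(source) {
  const stack = [0];   // max height seen inside each open group
  let last = 0;        // height of the atom or group just parsed
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') { i++; last = 0; }                 // escaped char is a plain atom
    else if (c === '[') {                              // skip the whole character class
      while (++i < source.length && source[i] !== ']') if (source[i] === '\\') i++;
      last = 0;
    } else if (c === '(') { stack.push(0); last = 0; }
    else if (c === ')') {                              // group height flows to its parent
      last = stack.pop();
      stack[stack.length - 1] = Math.max(stack[stack.length - 1], last);
    } else if (c === '*' || c === '+' || /^\{\d+,\}/.test(source.slice(i))) {
      last += 1;                                       // quantifier wraps the previous atom
      stack[stack.length - 1] = Math.max(stack[stack.length - 1], last);
    } else { last = 0; }
  }
  return stack[0];
}

// Wall-clock time of one match attempt, in milliseconds.
function timeMs(re, input) {
  const t0 = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

const probe = 'a'.repeat(22) + '!';    // constructed input that cannot match
for (const re of [EVIL, SAFE]) {
  console.log(re.source, '| star height', starHeight(re.source),
              '| ms', timeMs(re, probe).toFixed(2));
}
```

A star height above 1 is a reason to test a pattern with a measuring tool, not proof that it is exploitable.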