Find regular expressions vulnerable to ReDoS
https://github.com/doyensec/regexploit
Many default regular expression parsers have unbounded worst-case complexity.
Regex matching may be quick when presented with a matching input string.
However, certain non-matching input strings can make the regular expression
matcher go into crazy backtracking loops and take ages to process. This can
cause denial of service, as the CPU will be stuck trying to match the regex.
This tool is designed to:
* find regular expressions which are vulnerable to ReDoS
* give an example malicious string which will cause catastrophic backtracking
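The failure mode described above, as an added example (not regexploit's code and not how it analyses patterns): a toy backtracking matcher, constructed here, that counts character comparisons for a model of `(a+)+$` and for the equivalent `a+$`. The two patterns, the helper names and the inputs are assumptions chosen for illustration.

```python
# Toy backtracking matcher (constructed for illustration) that counts
# character comparisons, to show why the non-matching input is the slow case.

def lit(ch):
    """Match one literal character, then run the continuation k."""
    def match(s, i, k, steps):
        steps[0] += 1                      # one character comparison
        return i < len(s) and s[i] == ch and k(i + 1)
    return match

def plus(inner):
    """Greedy one-or-more: after each iteration try another one first,
    then fall back to the continuation k (the fallback is the backtracking)."""
    def match(s, i, k, steps):
        def after(j):
            # j > i guards against looping on an empty iteration
            return (j > i and match(s, j, k, steps)) or k(j)
        return inner(s, i, after, steps)
    return match

def run(pattern, s):
    """Anchor the pattern at both ends; return (matched, comparisons)."""
    steps = [0]
    matched = bool(pattern(s, 0, lambda j: j == len(s), steps))
    return matched, steps[0]

NESTED = plus(plus(lit("a")))   # models (a+)+$ : nested quantifiers
FLAT = plus(lit("a"))           # models a+$    : accepts the same strings

if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        good = "a" * n          # constructed matching input
        bad = "a" * n + "!"     # constructed non-matching input
        print(n, run(NESTED, good), run(NESTED, bad), run(FLAT, bad))
```

On the non-matching input the nested pattern needs 2^(n+1) - 1 comparisons while the flat one needs n + 1, so removing the nested quantifier keeps the accepted language and makes the worst case linear.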
Supports:
- C#
- JavaScript/TypeScript (requires node to be installed)
- JSON
- Python
- YAML
Developed at security
Sources inherited from project openSUSE:Factory
1 derived package

Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP4:FactoryCandidates/regexploit && cd $_
Source Files
Filename | Size |
---|---|
regexploit-1.0.0.tar.gz | 71 KB |
regexploit.changes | 376 Bytes |
regexploit.spec | 2.23 KB |
Latest Revision
Ana Guerrero (anag+factory) accepted request 1143291 from Sebastian Wagner (sebix) (revision 2)
- fix shebang of regexploit-python-env fixes boo#1219313