You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ReDoS vulnerability is an algorithmic complexity vulnerability that usually appears in backtracking-kind regex engines, e.g. the python default regex engine. The attacker can construct malicious input to trigger the worst-case time complexity of the regex engine to make a denial-of-service attack.
In this project, here has used the ReDoS vulnerable regex (".*?"|[^",\r\n]+)(?=\s*[,\r\n]|\s*$) that can be triggered by the below PoC:
The cause of this vulnerability is the use of the backtracking-kind regex engine. I recommend the author to use the RE2 regex engine developed by google, but it doesn't support lookaround and backreference extension features, so we need to change the original regex and add additional code constraints. Here is my repair solution:
const RE2 = require('re2');
function safe_match(string) {
let res = [];
const r1 = new RE2('(".*?"|[^",\r\n]+)', 'g');
const r2 = new RE2('(\s*[,\r\n]|\s*$)', 'g');
let matches = r1.exec(string);
r1.lastIndex = 0;
for (let match of matches) {
let end = string.indexOf(match) + match.length;
let postfix = string.substr(end);
if (r2.test(postfix)) {
res.push(match);
}
}
return res;
}
The match semantics of the new regex + code constraint above is equivalent to the original regex.
I hope the author can adopt this repair solution and I would be very grateful. Thanks!
The text was updated successfully, but these errors were encountered:
Description
ReDoS vulnerability is an algorithmic complexity vulnerability that usually appears in backtracking-kind regex engines, e.g. the python default regex engine. The attacker can construct malicious input to trigger the worst-case time complexity of the regex engine to make a denial-of-service attack.
In this project, here has used the ReDoS vulnerable regex
(".*?"|[^",\r\n]+)(?=\s*[,\r\n]|\s*$)
that can be triggered by the below PoC:How to repair
The cause of this vulnerability is the use of the backtracking-kind regex engine. I recommend the author to use the RE2 regex engine developed by google, but it doesn't support lookaround and backreference extension features, so we need to change the original regex and add additional code constraints. Here is my repair solution:
The match semantics of the new regex + code constraint above is equivalent to the original regex.
I hope the author can adopt this repair solution and I would be very grateful. Thanks!
The text was updated successfully, but these errors were encountered: