You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Type of Issue
Potential Regex Denial of Service (ReDoS)
Description
Here are three regular expressions with ReDos vulnerabilities, as shown below.
regex1 = /( +)[^:]+::/location
The ReDOS vulnerability of the regex is mainly due to the sub-pattern ( +)[^:]+ and can be exploited with the following string " " * 5000 It took 44.0 seconds for regex1 to match the malicious string
regex2 = /\bOBTW\s+[\s\S]*?\s+TLDR\b/location
The ReDOS vulnerability of the regex is mainly due to the sub-pattern \s+[\s\S]*?\s+ and can be exploited with the following string "OBTW" + " " * 5000 It took 44.6 seconds for regex2 to match the malicious string
regex3 = /^(#{1,6})[ \t]*(.+?)[ \t]*#*\n+/location1location2
The ReDOS vulnerability of the regex is mainly due to the sub-pattern [ \t]*(.+?)[ \t]* and can be exploited with the following string "#" + " " * 5000 It took 51.4 seconds for regex3 to match the malicious string
I prepared a script that showcases the execution times of the vulnerable regexes as follows.
// When attack_str.length=5000 , it took 44.0 secondsregex1=/(+)[^:]+::/;varattack_str=" ";console.log("regex1: "+regex1)for(leti=1;i<5000;i++){attack_str=attack_str+" ";if(attack_str.length%100==0){vartime=Date.now();regex1.test(attack_str);varrun_time=Date.now()-time;console.log("attack_str.length: "+attack_str.length+": "+run_time+" ms")}}//When attack_str.length=5000 , it took 44.6 secondsregex2=/\bOBTW\s+[\s\S]*?\s+TLDR\b/;varattack_str="OBTW";console.log("regex2: "+regex2)for(leti=1;i<5000;i++){attack_str=attack_str+" ";if(attack_str.length%100==0){vartime=Date.now();regex2.test(attack_str);varrun_time=Date.now()-time;console.log("attack_str.length: "+attack_str.length+": "+run_time+" ms")}}// When attack_str.length=5000 , it took 51.4 secondsregex3=/^(#{1,6})[\t]*(.+?)[\t]*#*\n+/;varattack_str="#";console.log("regex3: "+regex3)for(leti=1;i<5000;i++){attack_str=attack_str+" ";if(attack_str.length%100==0){vartime=Date.now();regex3.test(attack_str);varrun_time=Date.now()-time;console.log("attack_str.length: "+attack_str.length+": "+run_time+" ms")}}
I am willing to suggest that you limit the input length, modify these regexes or replace these regexes with other codes.
The text was updated successfully, but these errors were encountered:
Type of Issue
Potential Regex Denial of Service (ReDoS)
Description
Here are three regular expressions with ReDos vulnerabilities, as shown below.
regex1 = /( +)[^:]+::/
locationThe ReDOS vulnerability of the regex is mainly due to the sub-pattern
( +)[^:]+
and can be exploited with the following string" " * 5000
It took 44.0 seconds for regex1 to match the malicious string
regex2 = /\bOBTW\s+[\s\S]*?\s+TLDR\b/
locationThe ReDOS vulnerability of the regex is mainly due to the sub-pattern
\s+[\s\S]*?\s+
and can be exploited with the following string"OBTW" + " " * 5000
It took 44.6 seconds for regex2 to match the malicious string
regex3 = /^(#{1,6})[ \t]*(.+?)[ \t]*#*\n+/
location1 location2The ReDOS vulnerability of the regex is mainly due to the sub-pattern
[ \t]*(.+?)[ \t]*
and can be exploited with the following string"#" + " " * 5000
It took 51.4 seconds for regex3 to match the malicious string
I prepared a script that showcases the execution times of the vulnerable regexes as follows.
I am willing to suggest that you limit the input length, modify these regexes or replace these regexes with other codes.
The text was updated successfully, but these errors were encountered: