davisjam / vuln-regex-detector

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License

cache: server should stick to UNKNOWN if none of the detectors can parse the regex #32

Open davisjam opened 6 years ago

davisjam commented 6 years ago

See this regex, for example. None of the state-of-the-art detectors can handle the \b (word boundary). It would be more appropriate for the server to discard it than to place it in the lookup table.
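The failure mode the issue describes, as an added illustration (this is not code from vuln-regex-detector; the detector names, the `PARSE_ERROR` marker and the cache shape are assumptions): when every detector reports that it could not parse the pattern, the absence of a VULNERABLE verdict must not be read as SAFE. The merged verdict should stay UNKNOWN and the upload should be dropped rather than written into the lookup table.

```javascript
// Added example, not the project's own validate-uploads logic.
// Verdict vocabulary (assumed): VULNERABLE, SAFE, UNKNOWN; PARSE_ERROR marks
// a detector that could not parse the pattern at all.
const VULNERABLE = 'VULNERABLE';
const SAFE = 'SAFE';
const UNKNOWN = 'UNKNOWN';
const PARSE_ERROR = 'PARSE_ERROR';

// Buggy merge: "nobody said VULNERABLE" is treated as SAFE, so a regex that
// no detector understood (e.g. one using \b) gets cached as safe.
function naiveMerge(results) {
  return results.some(r => r.verdict === VULNERABLE) ? VULNERABLE : SAFE;
}

// Corrected merge: only detectors that actually parsed the pattern count.
// If none did, the server has no evidence either way and returns UNKNOWN.
function validatedMerge(results) {
  const parsed = results.filter(r => r.verdict !== PARSE_ERROR);
  if (parsed.length === 0) return UNKNOWN;
  if (parsed.some(r => r.verdict === VULNERABLE)) return VULNERABLE;
  return SAFE;
}

// Cache write path: an UNKNOWN verdict is discarded instead of stored, so a
// later client lookup falls through to a fresh analysis rather than trusting
// a verdict nobody produced.
function validateUpload(cache, pattern, results) {
  const verdict = validatedMerge(results);
  if (verdict === UNKNOWN) return { stored: false, verdict };
  cache.set(pattern, verdict);
  return { stored: true, verdict };
}

// Constructed sample: every detector rejects the word-boundary pattern.
const unparsedPattern = '\\b(a+)+\\b';
const allParseErrors = [
  { detector: 'detector-A', verdict: PARSE_ERROR }, // detector names are placeholders
  { detector: 'detector-B', verdict: PARSE_ERROR },
  { detector: 'detector-C', verdict: PARSE_ERROR },
];

// Constructed sample: one detector parses and flags the pattern.
const mixedResults = [
  { detector: 'detector-A', verdict: PARSE_ERROR },
  { detector: 'detector-B', verdict: VULNERABLE },
];

const cache = new Map();
console.log('naive:', naiveMerge(allParseErrors));          // SAFE (wrong)
console.log('validated:', validatedMerge(allParseErrors));  // UNKNOWN
console.log(validateUpload(cache, unparsedPattern, allParseErrors)); // not stored
console.log(validateUpload(cache, '(a+)+$', mixedResults));        // stored, VULNERABLE
```

The design choice worth keeping in mind when porting this to the real server: a cache that stores UNKNOWN is harmless, but one that stores SAFE for a pattern nobody analysed silently suppresses every future lookup of that regex, which is why the write is refused rather than recorded as a low-confidence entry.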

davisjam commented 6 years ago

The code to change is here in validate-uploads.