davisjam / vuln-regex-detector

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License

docs: improve READMEs #37

Open davisjam opened 6 years ago

davisjam commented 6 years ago

Feedback from @calligraphic here. Quoted below:

Thanks for taking the time to write that up. I think I'll use it with a local persistent cache and the eslint plugin; eslint's // eslint-disable-line method works for marking a particular regexp safe for my use case.

Thanks again for a great library. I'd like to mention that, at least for me, the documentation on the GitHub page is a little confusing. There's not a link to the eslint plugin on either that page or a link to it on the NPM page for the vuln-regex-detector module. The documentation for the extraction function mentions it handles code "written [in] any of the supported languages", but doesn't mention what those supported languages are (Python and Javascript, from your answer above).

Also, I need to look in the source of extract-regexes.pl to find the text string to use for specifying languages (javascript or python), instead of it being explicit in the documentation. Since python3 is the package name in Debian and RPM repos for Python version 3, naively I'd have tried using it (and got the Error, could not find regexp extractor... message). A similar issue probably applies to TypeScript. It might help other developers interested in the project to have that information easily at hand.

Thanks again for a great project!

davisjam commented 6 years ago

@demands requests more links about catastrophic backtracking and REDOS as a security issue vs. a performance issue.
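
The security-versus-performance distinction the request above asks about can be shown directly. The following is an added example, not code from vuln-regex-detector or from anyone in this thread: it times a nested-quantifier regex against a constructed worst-case input, with a safe equivalent alongside. The regexes, the attack string builder and all function names are this example's own choices; only Node.js built-ins are used.

```javascript
// Added example (not code from the vuln-regex-detector project): how a regex
// with nested quantifiers turns attacker-controlled input into a denial of
// service. Runs under Node.js (performance is a global in Node 16+).

// A classic ReDoS shape: the nested quantifier in (a+)+ lets a backtracking
// engine try roughly 2^n ways of splitting a run of 'a's before concluding
// that the trailing '!' makes a match impossible.
const VULNERABLE = /^(a+)+$/;

// Same language (one or more 'a'), but with no ambiguous nesting: there is
// exactly one way to match, so rejection is linear in the input length.
const SAFE = /^a+$/;

// Worst-case input, constructed for this example: n 'a's followed by a
// character that forces the overall match to fail. In a real service an
// attacker picks n via request size, so "just slow" becomes "unavailable".
function attackInput(n) {
  return 'a'.repeat(n) + '!';
}

// Time one regex test in milliseconds and report whether it matched.
function timeMatch(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Functional check: both regexes accept and reject the same strings, which
// is why a reviewer marking one as "safe" cannot tell them apart by tests.
function sameLanguage(samples) {
  return samples.every((s) => VULNERABLE.test(s) === SAFE.test(s));
}

// Adversarial check: same input, vulnerable vs. safe pattern, side by side.
function compareOnAttack(n) {
  const input = attackInput(n);
  const vuln = timeMatch(VULNERABLE, input);
  const safe = timeMatch(SAFE, input);
  return { n, vulnMs: vuln.ms, safeMs: safe.ms, matched: vuln.matched };
}

// Growth check: how much slower the vulnerable regex gets when the attacker
// adds (nLarge - nSmall) characters. Exponential backtracking shows up as
// roughly a doubling per extra character.
function growthFactor(nSmall, nLarge) {
  const small = compareOnAttack(nSmall).vulnMs;
  const large = compareOnAttack(nLarge).vulnMs;
  return large / Math.max(small, 1e-6);
}

for (const n of [10, 14, 18, 20]) {
  const r = compareOnAttack(n);
  console.log(`n=${r.n} vulnerable=${r.vulnMs.toFixed(2)}ms safe=${r.safeMs.toFixed(3)}ms`);
}
```

The point for the README: a pattern like `/^(a+)+$/` is not a performance nit that shows up under load, it is a remotely triggerable CPU exhaustion whenever the matched string comes from a client. That is what a detector flags, and why a `// eslint-disable-line` override should be accompanied by a note on where the input comes from.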

davisjam commented 6 years ago

@josdejong's requests are documented here.