Solution:
In such a case the lesser polynomials may still be effective.
validate-vuln.pl now iterates over the proposed list of pumpPairs
and tries pumpPairs 1..$i.
If any time out we have a winner.
Fixes: #40
Test:
Various tests for check-regex
Misc:
Also fixes issue in check-regex: wrong path to cache-client
Problem: The detectors are eager to exploit higher-order polynomially vulnerable regexes.
In doing so they may overstep and cause a match, so no backtracking is required.
Example: See discussion in Weideman: https://github.com/NicolaasWeideman/RegexStaticAnalysis/issues/11
Solution: In such a case the lesser polynomials may still be effective. validate-vuln.pl now iterates over the proposed list of pumpPairs and tries pumpPairs 1..$i. If any time out we have a winner.
Fixes: #40
Test:
Misc: