issues
search
davisjam
/
vuln-regex-detector
Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License
316
stars
27
forks
source link
Missed vulns
#48
Closed
davisjam
closed
6 years ago
davisjam
commented
6 years ago
Detectors miss:
/a+$/ is vulnerable but detectors miss it.
/a{1,100}a{1,100}a{1,100}$/ is vulnerable but detectors time out.
Detectors miss: