davisjam / vuln-regex-detector

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License
316 stars 27 forks

It returns "Not sure if regex is safe or not" for me every time since the last 3-4 hours #56

Closed bhaveshj21 closed 5 years ago

bhaveshj21 commented 5 years ago

Hi, I was trying to check the vulnerability of my regex but it returns "Not sure if regex is safe or not". I tried it with 3 different regexes, even with the regex mentioned in the example; I see this response only.

This is my code:

```javascript
const vulnRegexDetector = require('vuln-regex-detector');

// The pattern under test. Note the repeated group whose `\.?` separators are all optional.
const regex = /\{\w+\}\s*\w+(\.?\w+\.?\w+\.?\w+)*\s*\{\w+\}/g; // RegExp
const pattern = regex.source; // String (same pattern, flags dropped)

const cacheConfig = {
    type: vulnRegexDetector.cacheTypes.persistent
};
const config = {
    cache: cacheConfig
};

/* This runs synchronously so it's expensive.
 * It uses a persistent cache, so subsequent queries in this process or another one
 * can be resolved locally. */
const result = vulnRegexDetector.testSync(regex, config);
console.log(`I got ${result}`);

// Asynchronous query against the backend service with the same cache config.
vulnRegexDetector.test(pattern, config)
    .then((result) => {
        if (result === vulnRegexDetector.responses.vulnerable) {
            console.log('Regex is vulnerable');
        } else if (result === vulnRegexDetector.responses.safe) {
            console.log('Regex is safe');
        } else {
            // Any other response means the detectors could not decide.
            console.log('Not sure if regex is safe or not');
        }
    })
    .catch((err) => {
        // Without this, a failed request to the backend would be an unhandled rejection.
        console.error('Query failed:', err);
    });
```
davisjam commented 5 years ago

Thanks for the report. I'll take a look.

bhaveshj21 commented 5 years ago

Sure, thanks.

BannerBomb commented 5 years ago

Just as an update, it does for me also.

promisenxu commented 5 years ago

@davisjam Just tried - the same thing happened to me as well.

davisjam commented 5 years ago

@bhaveshj21 @BannerBomb @promisenxu

I've just finished adding a new detector to the backend service and have updated everything.

When I run the query @bhaveshj21 mentioned I get VULNERABLE, possibly thanks to the new detector I introduced. Can any of you confirm that the tool works for you?
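
The backend now reports VULNERABLE for the pattern from the opening post. As an added example (not code from the project or from anyone in this thread), the Node script below lets you confirm that locally without the service, by timing the pattern against a constructed input: a valid `{a} ` prefix so the engine reaches the repeated group, a run of n word characters, and a trailing `!` so the closing `{` can never match. Because every `\.?` inside the group is optional, the run of word characters can be carved into `\w+` pieces in roughly 2^n ways, and the backtracking engine tries all of them before failing. The `unambiguous` pattern is my assumption about the intended shape (`{tag} dotted.path {tag}`) with the dot as a mandatory separator; it is not the project's fix and is not equivalent to the original, which, as the checks show, only accepts 1 + 3k dotted segments (`a.b.c.d` matches, `a.b.c` does not). The `g` flag is dropped because `RegExp#test` with `g` advances `lastIndex` between calls, which would skew repeated timings.

```javascript
'use strict';

// The regex from the issue, without the /g flag (see note above).
const ambiguous = /\{\w+\}\s*\w+(\.?\w+\.?\w+\.?\w+)*\s*\{\w+\}/;

// Assumed rewrite: the dot is a required separator, so a run of word
// characters can be split only one way and backtracking stays linear.
// This is an assumption about intent, not the project's fix.
const unambiguous = /\{\w+\}\s*\w+(?:\.\w+)*\s*\{\w+\}/;

// Constructed attack input: valid prefix, n word characters, then a
// character on which the final `\{` must fail, forcing backtracking.
function attackInput(n) {
  return '{a} ' + 'a'.repeat(n) + '!';
}

// Wall-clock milliseconds for a single test() of `re` against `input`.
function measureMs(re, input) {
  const t0 = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Time a regex at increasing n. For the ambiguous pattern the time
// roughly doubles per extra character; for the rewrite it stays flat.
function growthProfile(re, sizes) {
  return sizes.map((n) => ({ n, ms: measureMs(re, attackInput(n)) }));
}

// How many times slower the ambiguous regex is than the rewrite at size n.
function slowdown(n) {
  const input = attackInput(n);
  const slow = measureMs(ambiguous, input);
  const fast = measureMs(unambiguous, input);
  return slow / Math.max(fast, 1e-6);
}

// Stand-alone demo: print the growth profile and the slowdown factor.
for (const { n, ms } of growthProfile(ambiguous, [16, 18, 20, 22])) {
  console.log(`ambiguous n=${n}: ${ms.toFixed(1)} ms`);
}
for (const { n, ms } of growthProfile(unambiguous, [16, 18, 20, 22])) {
  console.log(`unambiguous n=${n}: ${ms.toFixed(3)} ms`);
}
console.log(`slowdown at n=22: ${slowdown(22).toFixed(0)}x`);
```

Raising n past the low twenties on the ambiguous pattern moves the cost from milliseconds to seconds, which is the point: a static detector answering "unknown" does not mean the pattern is safe, and a few lines of timing against a crafted input is the cheapest second opinion.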

BannerBomb commented 5 years ago

@davisjam sorry, I was just notified of this message. But it seems to be working for what I have tested so far.

davisjam commented 5 years ago

@BannerBomb I'm delighted to hear it!