firasdib / Regex101

This repository is currently only used for issue tracking for www.regex101.com

ReDoS check #1964

Open mbtools opened 1 year ago

mbtools commented 1 year ago

Feature

Coming back to #600 (which was 8 years ago)... Nowadays, there are excellent libraries available to check a regex against ReDoS vulnerabilities. I suggest adding such a check to regex101. For example, recheck could be used to validate the entered regex and return a "safe" or "vulnerable" badge which is shown above the regex.

Examples

Safe regex:

[screenshot]

Evil regex:

[screenshot]

Evil regex showing complexity as well:

[screenshot]

Suggestion

The check does take some time (as one can see in the playground), so it probably should be an option that is off by default.
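To make the "safe" / "vulnerable" distinction concrete, here is an added example that is not code from regex101, recheck or redos-detector: a small dynamic ReDoS probe in Node.js. It times a regex against constructed attack strings of growing length and reports whether matching time stays flat or explodes. The patterns, the `prefix`/`suffix` inputs, the sample sizes and the "slow and growing" thresholds are all assumptions made for this demonstration; recheck itself works statically on the pattern rather than by timing it.

```javascript
// Added example, not code from regex101, recheck or redos-detector:
// a dynamic ReDoS probe. It times a regex against constructed attack strings
// of growing length and reports whether matching time stays flat or explodes.
// Uses the global `performance` object available in Node.js 16+.

// Best-of-k wall-clock time of one test() call, in milliseconds. The first
// call also pays V8's lazy regexp compilation, which best-of-k filters out.
function timeMatch(re, input, runs = 2) {
  let best = Infinity;
  for (let i = 0; i < runs; i++) {
    const t0 = performance.now();
    re.test(input);
    best = Math.min(best, performance.now() - t0);
  }
  return best;
}

// Probe `re` with inputs of the form prefix.repeat(n) + suffix for each n in
// `sizes`. The suffix is chosen so the match fails only at the very end,
// forcing a backtracking engine to try every way of splitting the prefix run.
// Returns { verdict, samples, slowestMs, growth }. The verdict is
// "vulnerable" when the largest input is both slow in absolute terms (> 1 ms)
// and much slower than the smallest one (> 20x); otherwise "safe".
// Both thresholds are assumptions chosen for this demo, not recheck's rules.
function probeRedos(re, { prefix, suffix, sizes = [8, 12, 16, 20, 22], budgetMs = 1000 } = {}) {
  const samples = [];
  for (const n of sizes) {
    const ms = timeMatch(re, prefix.repeat(n) + suffix);
    samples.push({ n, ms });
    if (ms > budgetMs) break; // stop before the probe itself becomes a DoS
  }
  const first = samples[0].ms;
  const last = samples[samples.length - 1].ms;
  const growth = last / Math.max(first, 1e-3); // avoid dividing by a 0 ms sample
  const verdict = last > 1 && growth > 20 ? "vulnerable" : "safe";
  return { verdict, samples, slowestMs: last, growth };
}

// Constructed inputs: the classic nested-quantifier pattern and its safe
// rewrite, both fed "aaaa...a!" so the trailing "!" defeats the "$" anchor.
const EVIL = /^(a+)+$/;
const SAFE = /^a+$/;

function demo() {
  return {
    evil: probeRedos(EVIL, { prefix: "a", suffix: "!" }),
    safe: probeRedos(SAFE, { prefix: "a", suffix: "!" }),
  };
}

// Stand-alone run: print one line per pattern with the per-size timings.
const report = demo();
for (const [name, r] of Object.entries(report)) {
  const timings = r.samples.map((s) => `${s.n}:${s.ms.toFixed(3)}ms`).join(" ");
  console.log(`${name}: ${r.verdict} (${timings})`);
}
```

Two caveats a practitioner would want. First, the probe only finds what its attack string exercises: `prefix`/`suffix` have to be chosen per pattern by hand, whereas a static analyser such as recheck derives them from the pattern's automaton. Second, at these input sizes only exponential blow-up is visible; a merely polynomial pattern such as `^a*a*$` looks flat until the input is thousands of characters long, which is another reason the thread's suggestion of a real analyser, rather than timing, is the right approach for a UI badge.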

firasdib commented 1 year ago

That looks interesting, thanks for sharing! The backend dependency will require some additional workload management, but perhaps it could be an on-demand button click?

mbtools commented 1 year ago

Sure, a button would work as well.

firasdib commented 1 year ago

Just noticed this library only supports basic regex syntax. That's very unfortunate...

mbtools commented 1 year ago

Too bad. https://www.npmjs.com/package/redos-detector is the other one I know of. It takes an AST from a parser as input.