Open github-actions[bot] opened 2 years ago
Regular expression term | Message
---|---
[([^\\_] \| @escapes \| _(?!_))+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '@escapes'.
[([^\\*] \| @escapes \| \*(?!\*))+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings starting with '**' and containing many repetitions of '@escapes'.
[([^\\*] \| @escapes)+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings starting with '*' and containing many repetitions of '@escapes'.
[([^\\`] \| @escapes)+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings starting with '`' and containing many repetitions of '@escapes'.
[(?:[^\]\\] \| @escapes)*](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of '@escapes'.
[(?:[^\]\\] \| @escapes)*](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) | This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of '@escapes'.

Caveat for the rows above: markdown.js is a Monarch tokenizer, and in Monarch `@escapes` is a reference that is replaced by the grammar's `escapes` sub-pattern (a backslash followed by a punctuation character) when the tokenizer is compiled. The analyzer reads the regex literal as written, where the eight plain characters `@escapes` are also accepted by classes such as `[^\\_]`, which is why the reported pump string is literally '@escapes'. After expansion the escape alternative starts with a backslash that the character class excludes, so these rows should be checked against the compiled pattern before being treated as reachable.
Regular expression term | Message
---|---
[((([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]) \| (([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z] \| \d \| - \| \. \| _ \| ~ \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/sharedaddy/sharing.js#L412) | This part of the regular expression may cause exponential backtracking on strings starting with 'a@' and containing many repetitions of '9.9.'.
[([a-z] \| \d \| - \| \. \| _ \| ~ \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/sharedaddy/sharing.js#L412) | This part of the regular expression may cause exponential backtracking on strings starting with 'a@a' and containing many repetitions of '9.9'.
[((([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]) \| (([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z] \| \d \| - \| \. \| _ \| ~ \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z] \| \d \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/widgets/simple-payments/customizer.js#L304) | This part of the regular expression may cause exponential backtracking on strings starting with 'a@' and containing many repetitions of '9.9.'.
[([a-z] \| \d \| - \| \. \| _ \| ~ \| [\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/widgets/simple-payments/customizer.js#L304) | This part of the regular expression may cause exponential backtracking on strings starting with 'a@a' and containing many repetitions of '9.9'.
Regular expression term | Message
---|---
[([^\-] \| [\r\n] \| -[^\-])*](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L325) | This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '\n'.
[([^*] \| [\r\n] \| (\*+([^*/] \| [\r\n])))*](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L341) | This part of the regular expression may cause exponential backtracking on strings starting with '/*' and containing many repetitions of '\n'.
[([^*/] \| [\r\n])](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L341) | This part of the regular expression may cause exponential backtracking on strings starting with '/**' and containing many repetitions of '\n*'.
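The first vkbeautify row above is the easiest of these findings to reproduce by hand: `[^\-]` already matches a newline, so `[\r\n]` is a second way to consume the same character, and an unterminated comment made of newlines forces a backtracking engine through every way of splitting them. The following JavaScript is an added example written for this page, not code from vkbeautify, 52North/SOS or the CodeQL results; it assumes the reported fragment is followed by a closing `-->`, which the report does not show, and it reproduces the blow-up on V8's backtracking matcher next to a rewrite with disjoint alternatives.

```javascript
// Added example (illustrative, not the project's own code). The reported fragment is
// ([^\-] | [\r\n] | -[^\-])* preceded by '<!--'; the closing '-->' is an assumption.

// Vulnerable form. '[^\-]' (anything but a dash) already matches '\r' and '\n', so each
// newline in the comment body can be consumed by two different alternatives. When the
// closing '-->' is never found, the engine retries every one of the 2^n ways of splitting
// n newlines between those alternatives before giving up.
const VULNERABLE = /<!--([^\-]|[\r\n]|-[^\-])*-->/;

// Hardened form. The alternatives are disjoint on their first character: a dash is only
// accepted when the next character is not a dash, everything else goes through '[^-]'.
// Each character has exactly one way to be consumed, so a failed match backtracks in
// linear time. It accepts the same strings as the vulnerable form: both stop the body at
// the first '--', and a trailing lone dash can never be followed by '-->' anyway.
const HARDENED = /<!--(?:[^-]|-(?!-))*-->/;

// Constructed attacker input: an opened comment, n newlines, and no '-->'.
function pumpInput(n) {
  return '<!--' + '\n'.repeat(n);
}

// Time a single match attempt; returns whether it matched and the elapsed milliseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Inputs on which the two patterns give different results (expected: none).
function disagreements(inputs) {
  return inputs.filter((s) => {
    const a = VULNERABLE.exec(s);
    const b = HARDENED.exec(s);
    if (a === null || b === null) return a !== b;
    return a[0] !== b[0] || a.index !== b.index;
  });
}

// Constructed corpus: closed comments, dashes inside the body, unterminated comments.
const SAMPLES = [
  '<!-- plain comment -->',
  '<!-- a - b - c -->\n<p>x</p>',
  '<!--\n\n\n-->',
  '<!-- one --> <!-- two -->',
  '<!--x---->',          // '--' inside the body: neither pattern matches
  '<!-- never closed -',
  'no comment here',
  pumpInput(12),         // small enough for the vulnerable form to finish quickly
];

// Matching time of the vulnerable form for each n; every +1 roughly doubles it.
function growthTable(sizes) {
  return sizes.map((n) => {
    const ms = timeMatch(VULNERABLE, pumpInput(n)).ms;
    return { n, ms: Number(ms.toFixed(2)) };
  });
}

console.log('disagreements:', disagreements(SAMPLES));
console.table(growthTable([12, 14, 16, 18, 20]));
console.log('hardened form, 20000 newlines:', timeMatch(HARDENED, pumpInput(20000)));
```

Run it with a current Node.js release and compare the growth table with the last line: the hardened form rejects a 20000-newline input in well under a millisecond, while the vulnerable form's time doubles with each added newline and would not return in any practical time for the same input. The same rewrite (make the alternatives under a quantifier start with disjoint characters) applies to the other findings in these tables.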
Regular expression term | Message
---|---
[(?:\\\] \| .)*?](https://github.com/B3Partners/tailormap/blob/HEAD/viewer/src/main/webapp/extjs/ext-all-debug.js#L28478) | This part of the regular expression may cause exponential backtracking on strings starting with '[=' and containing many repetitions of '\\]'.
[(?:\\\] \| .)*?](https://github.com/B3Partners/tailormap/blob/HEAD/viewer-admin/src/main/webapp/extjs/ext-all-debug.js#L28478) | This part of the regular expression may cause exponential backtracking on strings starting with '[=' and containing many repetitions of '\\]'.
Query

```ql
/**
 * @name Inefficient regular expression
 * @description A regular expression that requires exponential time to match certain inputs
 *              can be a performance bottleneck, and may be vulnerable to denial-of-service
 *              attacks.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision high
 * @id js/redos
 * @tags security
 *       external/cwe/cwe-1333
 *       external/cwe/cwe-730
 *       external/cwe/cwe-400
 */

import javascript
import semmle.javascript.security.performance.ReDoSUtil
import semmle.javascript.security.performance.ExponentialBackTracking

from RegExpTerm t, string pump, State s, string prefixMsg
where hasReDoSResult(t, pump, s, prefixMsg)
select t,
  "This part of the regular expression may cause exponential backtracking on strings " +
    prefixMsg + "containing many repetitions of '" + pump + "'."
```

Results