tjenkinson / redos-detector

A CLI and library which tests with certainty if a regex pattern is safe from ReDoS attacks. Supported in the browser, Node and Deno.
https://redosdetector.com
MIT License

Provide a more accurate count of max possible backtracks #445

Closed tjenkinson closed 1 month ago

tjenkinson commented 1 year ago

With ^(1|1|2|2)$ the tool will currently report 2 backtracks even though there can only be 1. This is because it doesn't check to see if the same input string could be used for both backtracks, which it can't.

^(1|1|2|2|[12])$ should result in 3.

Not sure how expensive this could be to calculate.
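
An added illustration of the difference described in the comment above (not part of the issue thread and not redos-detector's code). It assumes a simplified model: the pattern is ^(a|b|...)$ with single-character alternatives, and a backtrack is counted as a pair of alternatives that accept the same input. The function names and the two-character alphabet are hypothetical.

```javascript
// Simplified model (assumption, not redos-detector's algorithm):
// the pattern is ^(a1|a2|...)$, each alternative is a single-character atom
// such as 1 or [12], and a "backtrack" is a pair of alternatives that can
// both accept the same input.

// True if one alternative, anchored on its own, accepts the input.
function accepts(alternative, input) {
  return new RegExp(`^(?:${alternative})$`).test(input);
}

// Counts every overlapping pair, without asking whether a single input
// can trigger all of them at once.
function pairwiseTotal(alternatives, alphabet) {
  let total = 0;
  for (let i = 0; i < alternatives.length; i++) {
    for (let j = i + 1; j < alternatives.length; j++) {
      const overlap = alphabet.some(
        (ch) => accepts(alternatives[i], ch) && accepts(alternatives[j], ch)
      );
      if (overlap) total++;
    }
  }
  return total;
}

// Counts overlapping pairs per input and keeps the worst single input.
function maxForSingleInput(alternatives, alphabet) {
  let best = { input: null, backtracks: 0 };
  for (const ch of alphabet) {
    const n = alternatives.filter((alt) => accepts(alt, ch)).length;
    const backtracks = (n * (n - 1)) / 2; // pairs among the n matching alternatives
    if (backtracks > best.backtracks) best = { input: ch, backtracks };
  }
  return best;
}

const alphabet = ['1', '2']; // constructed sample inputs
for (const alts of [['1', '1', '2', '2'], ['1', '1', '2', '2', '[12]']]) {
  console.log(`^(${alts.join('|')})$`, pairwiseTotal(alts, alphabet), maxForSingleInput(alts, alphabet));
}
```

Under this model the first pattern gives a pairwise total of 2 but a per-input maximum of 1, and the second gives a per-input maximum of 3, matching the figures in the comment.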

tjenkinson commented 1 month ago

Done in https://github.com/tjenkinson/redos-detector/pull/618

kurtextrem commented 1 month ago

nice!