tjenkinson / redos-detector

A CLI and library which tests with certainty if a regex pattern is safe from ReDoS attacks. Supported in the browser, Node and Deno.
https://redosdetector.com
MIT License

Prepend `[^]*` to patterns that are not bounded at the start #612

Closed tjenkinson closed 1 month ago

tjenkinson commented 1 month ago

With this change, patterns that are not bounded at the start (e.g. missing `^`) will have `[^]*` prepended when the pattern is downgraded, which happens automatically unless you opt out with the `downgradePattern` option.

This will find more cases that were previously missed, such as `(a+)+`.

fixes #606
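
Added example, not part of the pull request or the redos-detector code base: a search with a pattern that lacks `^` may start its match at any offset, and an explicit `[^]*` prefix spells out that same freedom. The helper names are hypothetical, and the start-bound check is a simplification that assumes no flags and no top-level alternation.

```javascript
// Added illustration; these helpers are hypothetical, not redos-detector API.

// Simplified start-bound check: only a leading '^' counts as bounded.
// Assumption: no flags and no top-level alternation in the pattern.
function prependIfUnbounded(source) {
  return source.startsWith('^') ? source : '[^]*' + source;
}

// Offsets at which a match attempt pinned exactly there succeeds.
// The sticky flag stops the engine from scanning forward on its own.
function matchingStarts(source, input) {
  const sticky = new RegExp(source, 'y');
  const starts = [];
  for (let i = 0; i <= input.length; i++) {
    sticky.lastIndex = i;
    if (sticky.test(input)) starts.push(i);
  }
  return starts;
}

// Compare a normal (scanning) search with the original pattern against the
// prefixed pattern pinned to offset 0. Equal verdicts show that the prefix
// stands in for the engine's implicit choice of start offset.
function sameVerdicts(source, inputs) {
  const scanning = new RegExp(source);
  const pinned = new RegExp(prependIfUnbounded(source), 'y');
  return inputs.every((input) => {
    pinned.lastIndex = 0;
    return scanning.test(input) === pinned.test(input);
  });
}

// Constructed sample inputs, kept short so every attempt finishes instantly.
const samples = ['aaaa', 'bbaa', 'bbbb', ''];

console.log(prependIfUnbounded('(a+)+'));      // pattern with explicit prefix
console.log(matchingStarts('(a+)+', 'aaaa'));  // every offset that holds an 'a'
console.log(matchingStarts('^(a+)+', 'aaaa')); // the anchor leaves one offset
console.log(sameVerdicts('(a+)+', samples));
```

Each offset returned for `(a+)+` is a different amount of input the `[^]*` prefix could consume before the rest of the pattern matches, and that choice is absent when the pattern starts with `^`.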