https://github.com/rundevelopment/scslre
A library to find JS RegExp with super-linear worst-case time complexity for attack strings that repeat a single character.
regex
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/rundevelopment/scslre
- Owner: RunDevelopment
- License: mit
- Created: 2020-12-27T16:10:55.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-20T19:38:20.000Z (over 2 years ago)
- Last Synced: 2024-06-18T21:44:49.290Z (almost 2 years ago)
- Topics: regex
- Language: TypeScript
- Homepage:
- Size: 609 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Single-character super-linear RegExps
what a name...
A library to find JS RegExp with super-linear worst-case time complexity for attack strings that repeat a single character.
The static analysis method implemented by this library focuses on finding attack string tuples where a single character is repeated. This major limitation allows the library to be fast while also offering decent support for backreferences and [assertions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Assertions).
This library is not intended as a full static analysis to guard against super-linear worst-case time complexity. It is meant to be used as a supplementary analysis on top of existing general analysis methods that don't (or don't fully) support advanced regex features, or as a lightweight analysis on top of existing full (but heavyweight) analysis methods. Libraries that provide such general or near-full analysis include [recheck](https://github.com/MakeNowJust-Labo/recheck) and [vuln-regex-detector](https://github.com/davisjam/vuln-regex-detector). You may consider using these libraries as well.
## Usage
This library exports only a single function, `analyse`, which takes a RegExp literal and returns a list of reports that show the quantifiers causing super-linear worst-case time complexity.
### Documentation
For more information on the exact inputs and outputs of each function, see the full API documentation.
- [Latest release](https://rundevelopment.github.io/scslre/docs/latest/)
- [Development](https://rundevelopment.github.io/scslre/docs/dev/)
## Limitations
### Analysis
This library is implemented using a very limited static analysis method that can only find attack strings where a single character is repeated. Attack strings are generated from a tuple _(x,y,z)_ such that every string $s = xy^nz$ (or `x + y.repeat(n) + z` for JS folks) takes $O(n^p)$ or $O(2^n)$ many steps to reject, $p>1$. This analysis method can only find tuples where _y_ is a single character. E.g. the polynomial backtracking in `/^(ab)*(ab)*$/` for _(x,y,z) = ("", "ab", "c")_ cannot be detected by this library because _y_ is not a single character.
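The tuple construction described above, as an added example (not code from scslre and not its analysis method): a simplified greedy backtracking matcher for patterns of the form `/^(p1)*(p2)*...$/` that counts the steps needed to reject `x + y.repeat(n) + z` and estimates the exponent _p_ from how that count grows. All function names and the step model are assumptions for illustration; a real engine counts steps differently.

```javascript
// Added example: a simplified backtracking model, not scslre's analysis
// and not V8's engine. A pattern /^(p1)*(p2)*...$/ is given as the array
// of its literals [p1, p2, ...]. Assumption: every literal is non-empty
// and contains no regex metacharacters.

// The real RegExp that the model stands for.
function toRegExp(parts) {
  return new RegExp("^" + parts.map((p) => `(${p})*`).join("") + "$");
}

// Build the attack string s = x + y.repeat(n) + z from a tuple (x, y, z).
function attackString([x, y, z], n) {
  return x + y.repeat(n) + z;
}

// Count the steps a greedy backtracking matcher takes on `s`.
function countSteps(parts, s) {
  let steps = 0;
  function match(i, pos) {
    steps++;
    if (i === parts.length) return pos === s.length; // the `$` anchor
    // Greedy: try one more iteration of the current star first...
    if (s.startsWith(parts[i], pos) && match(i, pos + parts[i].length)) {
      return true;
    }
    // ...then backtrack and hand over to the next quantifier.
    return match(i + 1, pos);
  }
  const matched = match(0, 0);
  return { matched, steps };
}

// Estimate p in O(n^p) from the step counts for n and 2n.
function growthExponent(parts, tuple, n) {
  const a = countSteps(parts, attackString(tuple, n)).steps;
  const b = countSteps(parts, attackString(tuple, 2 * n)).steps;
  return Math.log2(b / a);
}

// The page's example: y = "ab" is two characters, so scslre would miss it.
const multiChar = growthExponent(["ab", "ab"], ["", "ab", "c"], 200);
// Same shape with a single repeated character: the class scslre targets.
const singleChar = growthExponent(["a", "a"], ["", "a", "b"], 200);
// One quantifier only: rejection stays linear.
const linear = growthExponent(["ab"], ["", "ab", "c"], 200);
console.log({ multiChar, singleChar, linear });
```

In this model both two-quantifier patterns come out with an exponent close to 2 and the single-quantifier pattern close to 1, which is the _p>1_ distinction the tuple definition draws.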
However, this limitation allows the static analysis method to be quick and to provide good (but not perfect) support for backreferences and assertions (e.g. `\b`, `(?