Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tjenkinson/eslint-plugin-redos-detector

An ESLint plugin that detects vulnerable regex using "https://github.com/tjenkinson/redos-detector".
https://github.com/tjenkinson/eslint-plugin-redos-detector

eslint eslint-plugin redos redos-detector

Last synced: about 2 months ago
JSON representation

An ESLint plugin that detects vulnerable regex using "https://github.com/tjenkinson/redos-detector".

Host: GitHub
URL: https://github.com/tjenkinson/eslint-plugin-redos-detector
Owner: tjenkinson
License: mit
Created: 2022-01-29T21:50:00.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-04-13T02:37:06.000Z (5 months ago)
Last Synced: 2024-04-14T10:00:59.843Z (5 months ago)
Topics: eslint, eslint-plugin, redos, redos-detector
Language: TypeScript
Homepage:
Size: 1.77 MB
Stars: 4
Watchers: 5
Forks: 0
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS

Awesome Lists containing this project

awesome-eslint - ReDoSDetector - ESLint plugin for finding possible ReDoS vulnerabilities. (Plugins / Practices and Specific ES Features)

README

        # eslint-plugin-redos-detector

An ESLint plugin that detects vulnerable regex using "[RedosDetector](https://github.com/tjenkinson/redos-detector)". It processes all [RegExp](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp) literals. I.e. `/ab+c/` but not `new RegExp('ab+c')`.

## Installation

You'll first need to install [ESLint](https://github.com/eslint/eslint):

```sh

npm i eslint --save-dev

```

Next, install [`eslint-plugin-redos-detector`](https://www.npmjs.com/package/eslint-plugin-redos-detector):

```sh

npm i --save-dev eslint-plugin-redos-detector

```

## Usage

Add `redos-detector` to the plugins section of your `.eslintrc` configuration file.

```json

{

  "plugins": ["redos-detector"]

}

```

Then configure the rule under the rules section.

```json

{

  "rules": {

    "redos-detector/no-unsafe-regex": "error"

  }

}

```

Or do the following to provide options.

```json

{

  "rules": {

    "redos-detector/no-unsafe-regex": [

      "error",

      {

        "ignoreError": true

      }

    ]

  }

}

```

### Options

- `ignoreError`: If `true` any error getting results be ignored. It's possible for the detection to fail with some patterns, or if the patten is malformed or uses unsupported features. See [this doc](https://github.com/tjenkinson/redos-detector/blob/main/README.md#options) for the type of errors. _(Default: `false`)_

- `maxSteps`: See the option in [this doc](https://github.com/tjenkinson/redos-detector/blob/main/README.md#options) with the same name. _(Default: See linked doc)_

- `maxBacktracks`: See the option in [this doc](https://github.com/tjenkinson/redos-detector/blob/main/README.md#options) with the same name. _(Default: See linked doc)_

- `timeout`: See the option in [this doc](https://github.com/tjenkinson/redos-detector/blob/main/README.md#options) with the same name. _(Default: See linked doc)_