JS/PY/RB: support a limited number of ranges for ReDoS analysis #7097
yoff
left a comment
LGTM
(review comment on the line `import RegExpTreeView`)
Is this not a repetition of line 86?
It is.
I'll remove the redundancy.
I've rebased this PR on main.
asgerf
left a comment
LGTM from JS
The idea of this PR is that /a{0,100}/ is close enough to /a*/ that we can just treat them the same. Gets us one step closer to flagging CVE-2021-22902.
Evaluations: Ruby, Python, JavaScript look OK.
The JavaScript evaluation shows that an FP was fixed.
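As an added illustration of the normalization the PR describes (not code from the PR or from CodeQL): a Python sketch that parses two patterns with the standard library's regex parser and compares their shapes after rewriting any bounded quantifier whose upper bound reaches an assumed threshold as unbounded, so that /a{0,100}/ and /a*/ compare equal while /a{0,3}/ stays distinct. The threshold `LARGE_BOUND`, the function names and the use of the private `re._parser` module are assumptions of this example.

```python
# Added example, not code from the PR or from CodeQL. It shows the
# normalization idea: for backtracking analysis a bounded quantifier with a
# large upper bound is treated like its unbounded form, so a{0,100} ~ a*.
try:
    from re import _parser as sre_parse, _constants as sre_constants  # Python 3.11+
except ImportError:                                                   # older Pythons
    import sre_parse, sre_constants

MAX_REPEAT = sre_constants.MAX_REPEAT    # greedy quantifier opcode
MIN_REPEAT = sre_constants.MIN_REPEAT    # lazy quantifier opcode
MAXREPEAT = sre_constants.MAXREPEAT      # parser's value for "no upper bound"

# Assumed threshold for this example: bounds at or above it count as unbounded.
LARGE_BOUND = 100


def canonical(node, limit=LARGE_BOUND):
    """Turn a parsed regex into nested tuples, widening large upper bounds."""
    if isinstance(node, sre_parse.SubPattern):
        return tuple(canonical(item, limit) for item in node.data)
    if (isinstance(node, tuple) and len(node) == 2
            and (node[0] is MAX_REPEAT or node[0] is MIN_REPEAT)):
        lo, hi, body = node[1]
        if hi != MAXREPEAT and hi >= limit:
            hi = MAXREPEAT            # {lo,hi} is analysed as {lo,}
        return (node[0], (lo, hi, canonical(body, limit)))
    if isinstance(node, (list, tuple)):  # payloads of groups, classes, branches
        return tuple(canonical(item, limit) for item in node)
    return node                          # literals, flags, group numbers


def same_for_redos(pattern_a, pattern_b, limit=LARGE_BOUND):
    """True when both patterns have the same shape after widening bounds."""
    shape_a = canonical(sre_parse.parse(pattern_a), limit)
    shape_b = canonical(sre_parse.parse(pattern_b), limit)
    return shape_a == shape_b


if __name__ == "__main__":
    print(same_for_redos("a{0,100}", "a*"))   # True: bound widened to unbounded
    print(same_for_redos("a{0,3}", "a*"))     # False: small bound is kept
```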