Lea Rosema on Nostr: TIL about #ReDoS in #javascript which is about abusing regular expressions to make ...
TIL about #ReDoS in #javascript which is about abusing regular expressions to make the expression execution super slow. Became aware of that via the CodeQL github workflow.
https://codeql.github.com/codeql-query-help/javascript/js-redos/
One thing that seems to be problematic is ambiguity where it is difficult to tell what belongs to a group and what doesn't.
Example code:
const aah = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!' // trailing '!' makes the match fail; a failing match is what triggers the backtracking
/a+$/.test(aah) // 1ms
/(a+)+$/.test(aah) // 100000ms
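Added example (my own code, not from the post above): the nested quantifier in /(a+)+$/ only blows up when the match fails, so the adversarial input is a run of 'a' followed by a non-'a' character; the unambiguous rewrite /a+$/ accepts exactly the same strings in linear time. Input sizes are kept far below the post's 38 because the work roughly doubles with every extra 'a'.

```javascript
// Ambiguous grouping: the engine can split "aaa" into (a)(aa), (aa)(a), (a)(a)(a), ...
// and on a failed match it tries every split before giving up (exponential).
const VULNERABLE = /(a+)+$/;
// Same language, only one way to match any given input (linear).
const SAFE = /a+$/;

// Constructed adversarial input: n letters 'a' then a character that breaks the match.
function adversarialInput(n) {
  return 'a'.repeat(n) + '!';
}

// Time a single regex test in milliseconds (process.hrtime is Node-specific).
function timeTest(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Run both regexes on the same input; they must agree on the result,
// but the vulnerable one takes exponentially longer on a failing match.
function compare(input) {
  const v = timeTest(VULNERABLE, input);
  const s = timeTest(SAFE, input);
  return {
    length: input.length,
    agree: v.matched === s.matched,
    matched: v.matched,
    vulnerableMs: v.ms,
    safeMs: s.ms,
  };
}

// Failing matches: vulnerableMs roughly doubles per extra 'a', safeMs stays flat.
for (const n of [12, 14, 16, 18, 20]) {
  console.log(compare(adversarialInput(n)));
}
// Succeeding match on an all-'a' string: both are fast, both return true,
// because the greedy a+ swallows everything and $ matches immediately.
console.log(compare('a'.repeat(38)));
```

CodeQL's js/redos query flags the nested-quantifier form; removing the ambiguity (here, dropping the outer group) is the fix, and measuring with a failing input is how you confirm it.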