Vulnerable Regular Expression

This repository was archived by the owner on Sep 7, 2020. It is now read-only.

@cristianstaicu

Description

The following regular expression used in parsing the JSON file is vulnerable to ReDoS:

The slowdown is moderately low: for 50.000 characters around 2 seconds matching time. However, I would still suggest one of the following:

  • remove the regex,
  • anchor the regex,
  • limit the number of characters that can be matched by the repetition,
  • limit the input size.

If needed, I can provide an actual example showing the slowdown.
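Added example, not code from the original issue or the project it reports on: the unsafe pattern is a constructed stand-in for the unspecified regex (a lenient JSON reader tolerating trailing whitespace and stray commas), shown beside a version that applies the suggestions above (bounded repetition, input-size limit) and a regex-free replacement.

```javascript
// Added example; UNSAFE_TRAILER is a constructed stand-in, not the regex from the report.

// Nested, overlapping quantifiers: \s*, ,? and \s* can share the same characters in
// many ways, so a non-matching tail forces exponential backtracking.
const UNSAFE_TRAILER = /(\s*,?\s*)*$/;   // ReDoS-prone; never run on untrusted input

// Hardened variant applying the report's suggestions:
//   - one unambiguous character class instead of nested groups,
//   - bounded repetition, so backtracking per start position is at most 64 steps,
//   - anchored at the end; with the size check below the worst case is O(MAX_INPUT * 64).
const MAX_TRAILER = 64;
const SAFE_TRAILER = new RegExp(`[\\s,]{0,${MAX_TRAILER}}$`);

// Limit the input size before any regex sees it.
const MAX_INPUT = 10_000;

function stripTrailer(text) {
  if (typeof text !== 'string') throw new TypeError('expected a string');
  if (text.length > MAX_INPUT) {
    throw new RangeError(`input too large: ${text.length} > ${MAX_INPUT}`);
  }
  const cleaned = text.replace(SAFE_TRAILER, '');
  // Because the repetition is bounded, a trailer longer than MAX_TRAILER is not
  // fully consumed; treat that as malformed instead of matching again.
  if (/[\s,]$/.test(cleaned)) {
    throw new SyntaxError(`trailing separator run longer than ${MAX_TRAILER}`);
  }
  return cleaned;
}

// "Remove the regex": the same job as a backwards scan, linear by construction
// (the single-character /\s/ test involves no repetition, hence no backtracking).
function stripTrailerNoRegex(text) {
  if (typeof text !== 'string') throw new TypeError('expected a string');
  let end = text.length;
  while (end > 0 && (text[end - 1] === ',' || /\s/.test(text[end - 1]))) end--;
  return text.slice(0, end);
}

// Constructed sample inputs.
const GOOD = '{"a": 1, "b": [1, 2, 3]}  ,,\n';
const ADVERSARIAL = ' '.repeat(5000) + 'x';   // long separator run with a non-matching tail
```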