Comments (4)
To avoid the backtracking, you need to give the regex engine clear boundary points that it won't backtrack past. For example, this regex is vulnerable: (a+)+$, but this one is safe: (ba+)+ (because every time the regex engine sees a "b", it knows it can't re-use the a's before it in another path).
In your example, the problematic piece is (-*[01]+)*$. Let's see if we can repair it. Observe that the backtracking occurs because the regex engine isn't sure whether it should treat a sequence of [01]'s as "A group of [01]s (not) preceded by a -" or as "Multiple clauses of such groups" (sorry, that probably didn't make sense).
Since what you want is a sequence of [01] delimited by dashes, possibly with 0 dashes, would this regex work instead?
^[01]+([-]+[01]+)*$
Note I added a + to the first group (since it is always required) and I made the [-] non-optional.
from learn-regex.
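An added example, not code from the thread's participants: it checks by exhaustive enumeration that the question's regex and the suggested repair accept the same strings up to a given length, then times both on inputs shaped like the sample in the question. It assumes Node.js; the helper names (findMismatches, timeMatch, rejectingInput) are hypothetical.

```javascript
// Added example. The two regexes are taken from the thread; inputs are constructed.
const VULNERABLE = /^[01]([-]*[01]+)*$/;  // from the question
const REPAIRED = /^[01]+([-]+[01]+)*$/;   // from the answer

// Enumerate every string over `alphabet` up to `maxLen` characters and return
// the inputs on which the two regexes disagree. An empty result means the
// repair did not change what is accepted (for strings up to that length).
function findMismatches(a, b, alphabet, maxLen) {
  const mismatches = [];
  let frontier = [''];
  for (let len = 0; len <= maxLen; len++) {
    for (const s of frontier) {
      if (a.test(s) !== b.test(s)) mismatches.push(s);
    }
    if (len < maxLen) {
      frontier = frontier.flatMap((s) => alphabet.map((c) => s + c));
    }
  }
  return mismatches;
}

// Wall-clock time of a single match attempt, in milliseconds.
function timeMatch(re, input) {
  const t0 = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - t0 };
}

// Constructed input in the style of the question's sample: n binary digits,
// then one character that makes the final $ fail and forces backtracking.
function rejectingInput(n) {
  return '10'.repeat(Math.ceil(n / 2)).slice(0, n) + '&';
}

// n is kept small: the vulnerable regex roughly doubles its work per extra digit.
for (const n of [16, 20, 24]) {
  const input = rejectingInput(n);
  const v = timeMatch(VULNERABLE, input);
  const r = timeMatch(REPAIRED, input);
  console.log(`n=${n} vulnerable=${v.ms.toFixed(2)}ms repaired=${r.ms.toFixed(2)}ms`);
}
const diff = findMismatches(VULNERABLE, REPAIRED, ['0', '1', '-', '&'], 8);
console.log(`inputs where the two regexes disagree: ${diff.length}`);
```

The same equivalence-then-timing check is a reasonable regression test whenever a regex is rewritten to remove nested quantifiers.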
Hi @davisjam,
I know this comment is too late from the time you created this issue. I am very happy to know that in this repository there is a person who is aware of the Regular Expression Denial of Service (ReDoS) vulnerability.
I have a question that needs your help. This is a simple regex: ^[01]([-]*[01]+)*$
And this is a simple sample that can cause catastrophic backtracking: 1010101010101001010&
I tried many ways to convert that regex to another form that keeps the same meaning as the original one but avoids catastrophic backtracking. Unfortunately, I couldn't get there.
Please help me with this.
I am looking forward to hearing a response from you and everyone.
Thanks a lot,
from learn-regex.
@ziishaned I can prepare a PR with a small section about backtracking if you would be interested. Let me know.
from learn-regex.
Thank you so much @davisjam,
After reading your comment carefully, my mind became clearer.
from learn-regex.