Module PolynomialReDoS
Module containing sources, sinks, and sanitizers for polynomial regular expression denial-of-service attacks.
Import path
import semmle.javascript.security.regexp.PolynomialReDoSCustomizations
Imports
| Make<RegExpTreeView::RegExpTreeView> | A parameterized module implementing the analysis described in the above papers. |
Predicates
| isCharClassLike | Holds if |
Classes
| BarrierGuard | A barrier guard for polynomial regular expression denial-of-service attacks. |
| ExternalInputSource | A parameter of an exported function, seen as a source for polynomial-redos. |
| LengthGuard | A check on the length of a string, seen as a sanitizer guard. |
| PolynomialBackTrackingTermUse | A use of a superlinear backtracking term, seen as a sink for polynomial regular expression denial-of-service vulnerabilities. |
| RequestInputAccessAsSource | A remote input to a server, seen as a source for polynomial regular expression denial-of-service vulnerabilities. |
| Sanitizer | A sanitizer for polynomial regular expression denial-of-service vulnerabilities. |
| Sink | A data flow sink node for polynomial regular expression denial-of-service vulnerabilities. |
| Source | A data flow source node for polynomial regular expression denial-of-service vulnerabilities. |
| StringLengthLimiter | An operation that limits the length of a string, seen as a sanitizer. |