1 | # safe-regex
|
2 |
|
3 | Detect potentially
|
4 | [catastrophic](http://regular-expressions.mobi/catastrophic.html)
|
5 | [exponential-time](http://perlgeek.de/blog-en/perl-tips/in-search-of-an-exponetial-regexp.html)
|
6 | regular expressions by limiting the
|
7 | [star height](https://en.wikipedia.org/wiki/Star_height) to 1.
|
8 |
|
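9 | WARNING: This module has both false positives and false negatives, so neither result is definitive: `true` does not guarantee that the regex is free of catastrophic backtracking, and `false` does not prove that it is vulnerable.
|
10 | Use [vuln-regex-detector](https://github.com/davisjam/vuln-regex-detector) for improved accuracy.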
|
11 |
|
12 | [![browser support](https://ci.testling.com/substack/safe-regex.png)](https://ci.testling.com/substack/safe-regex)
|
13 |
|
14 | [![build status](https://secure.travis-ci.org/substack/safe-regex.png)](http://travis-ci.org/substack/safe-regex)
|
15 |
|
16 | # Example
|
17 |
|
18 | ``` js
|
19 | var safe = require('safe-regex');
|
20 | var regex = process.argv.slice(2).join(' ');
|
21 | console.log(safe(regex));
|
22 | ```
|
23 |
|
24 | ```
|
25 | $ node safe.js '(x+x+)+y'
|
26 | false
|
27 | $ node safe.js '(beep|boop)*'
|
28 | true
|
29 | $ node safe.js '(a+){10}'
|
30 | false
|
31 | $ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
|
32 | true
|
33 | ```
|
34 |
|
35 | # Methods
|
36 |
|
37 | ``` js
|
38 | const safe = require('safe-regex')
|
39 | ```
|
40 |
|
41 | ## const ok = safe(re, opts={})
|
42 |
|
43 | Return a boolean `ok`: `true` if the regex `re` is considered safe, `false` if it is
|
44 | possibly catastrophic.
|
45 |
|
46 | `re` can be a `RegExp` object or just a string.
|
47 |
|
48 | If `re` is a string that is not a valid regex, `safe` returns `false`.
|
49 |
|
50 | * `opts.limit` - maximum number of allowed repetitions in the entire regex.
|
51 | Default: `25`.
|
52 |
|
53 | # Install
|
54 |
|
55 | With [npm](https://npmjs.org) do:
|
56 |
|
57 | ```
|
58 | npm install safe-regex
|
59 | ```
|
60 |
|
61 | # License
|
62 |
|
63 | MIT
|