UNPKG

safe-regex/lib/heuristic-analyzer.js

Version:

1.5 kBJavaScriptView Raw

1// Exports an Analyzer subclass
2
3const regexpTree = require("regexp-tree");
4const analyzer = require("./analyzer");
5
6class HeuristicAnalyzer extends analyzer.Analyzer {
constructor(analyzerOptions) {
  super(analyzerOptions);
}
10
isVulnerable(regExp) {
  // Heuristic #1: Star height > 1
  const starHeight = this._measureStarHeight(regExp);
  if (starHeight > 1) {
    return true;
  }
17
  // Heuristic #2: # repetitions > limit
  // TODO This is a poor heuristic
  const nRepetitions = this._measureRepetitions(regExp);
  if (nRepetitions > this.options.heuristic_replimit) {
    return true;
  }
24
  return false;
}
27
genAttackString(regExp) {
  return null;
}
31
_measureStarHeight(regExp) {
  let currentStarHeight = 0;
  let maxObservedStarHeight = 0;
35
  const ast = regexpTree.parse(regExp);
37
  regexpTree.traverse(ast, {
    Repetition: {
      pre({ node }) {
        currentStarHeight++;
        if (maxObservedStarHeight < currentStarHeight) {
          maxObservedStarHeight = currentStarHeight;
        }
      },
46
      post({ node }) {
        currentStarHeight--;
      }
    }
  });
52
  return maxObservedStarHeight;
}
55
_measureRepetitions(regExp) {
  let nRepetitions = 0;
58
  const ast = regexpTree.parse(regExp);
  regexpTree.traverse(ast, {
    Repetition: {
      pre({ node }) {
        nRepetitions++;
      }
    }
  });
67
  return nRepetitions;
}
70}
71
72module.exports = HeuristicAnalyzer;

1	`// Exports an Analyzer subclass`
2
3	`const regexpTree = require("regexp-tree");`
4	`const analyzer = require("./analyzer");`
5
6	`class HeuristicAnalyzer extends analyzer.Analyzer {`
7	`constructor(analyzerOptions) {`
8	`super(analyzerOptions);`
9	`}`
10
11	`isVulnerable(regExp) {`
12	`// Heuristic #1: Star height > 1`
13	`const starHeight = this._measureStarHeight(regExp);`
14	`if (starHeight > 1) {`
15	`return true;`
16	`}`
17
18	`// Heuristic #2: # repetitions > limit`
19	`// TODO This is a poor heuristic`
20	`const nRepetitions = this._measureRepetitions(regExp);`
21	`if (nRepetitions > this.options.heuristic_replimit) {`
22	`return true;`
23	`}`
24
25	`return false;`
26	`}`
27
28	`genAttackString(regExp) {`
29	`return null;`
30	`}`
31
32	`_measureStarHeight(regExp) {`
33	`let currentStarHeight = 0;`
34	`let maxObservedStarHeight = 0;`
35
36	`const ast = regexpTree.parse(regExp);`
37
38	`regexpTree.traverse(ast, {`
39	`Repetition: {`
40	`pre({ node }) {`
41	`currentStarHeight++;`
42	`if (maxObservedStarHeight < currentStarHeight) {`
43	`maxObservedStarHeight = currentStarHeight;`
44	`}`
45	`},`
46
47	`post({ node }) {`
48	`currentStarHeight--;`
49	`}`
50	`}`
51	`});`
52
53	`return maxObservedStarHeight;`
54	`}`
55
56	`_measureRepetitions(regExp) {`
57	`let nRepetitions = 0;`
58
59	`const ast = regexpTree.parse(regExp);`
60	`regexpTree.traverse(ast, {`
61	`Repetition: {`
62	`pre({ node }) {`
63	`nRepetitions++;`
64	`}`
65	`}`
66	`});`
67
68	`return nRepetitions;`
69	`}`
70	`}`
71
72	`module.exports = HeuristicAnalyzer;`