Class: Contrast::Agent::Assess::Rule::Redos
- Defined in:
- lib/contrast/agent/assess/rule/redos.rb
Overview
A regexp is only vulnerable to REDOS if some input makes it run with pathologically bad performance. We report a vulnerability if the regexp is liable to take quadratic time on some input, so this rule vastly errs on the side of false positives.
Constant Summary
- NAME = 'redos'
Class Method Summary
Methods inherited from Base
#enabled?, #excluded?, #initialize, #name, #postfilter, #prefilter, #stream_safe?
Methods included from Components::Interface
Constructor Details
This class inherits a constructor from Contrast::Agent::Assess::Rule::Base
Class Method Details
.regexp_complexity_check(context, trigger_node, source, object, ret, *args) ⇒ Object
```ruby
# File 'lib/contrast/agent/assess/rule/redos.rb', line 20

def regexp_complexity_check context, trigger_node, source, object, ret, *args
  # we can arrive here either from:
  #   regexp =~ string
  #   string =~ regexp
  #   regexp.match string
  #
  # so object/args[0] can be string/regexp or regexp/string.
  regexp = object.is_a?(Regexp) ? object : args[0]
  string = object.is_a?(String) ? object : args[0]

  # (1) regexp must be exploitable
  return unless regexp_vulnerable?(regexp)

  # (2) regexp must evaluate against user input
  return unless trigger_node.violated?(string)

  Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(context, trigger_node, source, object, ret, args)
end
```
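The following is an added, self-contained example (not Contrast's code) that models the two-step decision the overview and `regexp_complexity_check` describe: the regexp must look exploitable, and it must be running against untrusted input. The exploitability heuristic used here, flagging a quantified group that itself contains a quantifier (`(a+)+`, `(\w*)*`, `((a+)b)+`), is an assumption chosen for illustration; the agent's own `regexp_vulnerable?` is not shown on this page and may use a different analysis. The taint check is likewise a stand-in: `tainted:` is an explicit list supplied by the caller instead of the agent's `trigger_node.violated?`.

```ruby
# Added example: a miniature REDOS rule. Not the Contrast agent's implementation;
# regexp_vulnerable? below is an assumed heuristic and the taint set is passed in.
module RedosExample
  RULE_NAME = 'redos'

  # Heuristic (assumption): a group closed by ')' and then quantified with '+', '*'
  # or '{' is suspicious if a quantifier already appeared inside that group.
  # Escapes and character classes are skipped so '\d+' or '[+*]+' do not count.
  def self.nested_quantifier?(source)
    quantified_inside = [false]      # one flag per open group; index 0 = top level
    closed_had_quantifier = false    # did the group we just closed contain a quantifier?
    i = 0
    while i < source.length
      case source[i]
      when '\\'
        i += 1                       # skip the escaped character
        closed_had_quantifier = false
      when '['
        i += 1                       # skip a character class, honouring escapes inside it
        while i < source.length && source[i] != ']'
          i += 1 if source[i] == '\\'
          i += 1
        end
        closed_had_quantifier = false
      when '('
        quantified_inside.push(false)
        closed_had_quantifier = false
      when ')'
        closed_had_quantifier = quantified_inside.pop || false
        quantified_inside.push(false) if quantified_inside.empty?   # tolerate unbalanced ')'
        quantified_inside[-1] ||= closed_had_quantifier             # propagate to the enclosing group
      when '+', '*', '{'
        return true if closed_had_quantifier                        # quantifier applied to a quantified group
        quantified_inside[-1] = true
        closed_had_quantifier = false
      else
        closed_had_quantifier = false
      end
      i += 1
    end
    false
  end

  # Step (1) of the rule: does the pattern look exploitable?
  def self.regexp_vulnerable?(regexp)
    nested_quantifier?(regexp.source)
  end

  # Mirrors the dispatch in regexp_complexity_check: the receiver and the first
  # argument may be regexp/string or string/regexp depending on whether the call
  # was `regexp =~ string`, `string =~ regexp` or `regexp.match string`.
  # Returns a finding hash, or nil when either condition fails.
  def self.check(object, *args, tainted:)
    regexp = object.is_a?(Regexp) ? object : args[0]
    string = object.is_a?(String) ? object : args[0]
    return nil unless regexp.is_a?(Regexp) && string.is_a?(String)

    return nil unless regexp_vulnerable?(regexp)   # (1) regexp must be exploitable
    return nil unless tainted.include?(string)     # (2) stand-in for trigger_node.violated?(string)

    { rule: RULE_NAME, pattern: regexp.source, input: string }
  end
end

if __FILE__ == $PROGRAM_NAME
  user_input = ('a' * 30) + '!'                    # constructed sample input
  p RedosExample.check(/(a+)+$/, user_input, tainted: [user_input])   # finding
  p RedosExample.check(/^\w+$/, user_input, tainted: [user_input])    # nil: pattern is linear
  p RedosExample.check(user_input, /(a+)+$/, tainted: [])             # nil: input not tainted
end
```

Like the rule it imitates, this heuristic reports patterns that are merely quadratic (`(a+b)+`) alongside exponential ones (`(a+)+`), so treat a hit as a prompt to review the pattern rather than proof of exploitability. Static detection is only half the defence: on Ruby 3.2 and later, `Regexp.timeout=` (or `Regexp.new(src, timeout:)`) bounds matching time at runtime so a missed pattern cannot stall a request indefinitely.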