redos-detector
A CLI and library which helps score how vulnerable a regex pattern is to ReDoS attacks. Supported in the browser, Node and Deno.
import { Reference } from 'regjsparser';
import { MyFeatures, MyRootNode } from './parse';
/**
* Input accepted by `downgradePattern`: the pattern text and the mode it is read in.
*/
export type DowngradePatternConfig = Readonly<{
/**
* The regex pattern.
*
* NOTE(review): presumably the pattern source without `/.../` delimiters or flags — confirm.
*/
pattern: string;
/**
* Set to `true` to enable unicode mode.
*
* Unicode mode changes how a JavaScript pattern is parsed, so this should match the
* mode the pattern is actually compiled with; otherwise a different pattern is analysed.
*/
unicode: boolean;
}>;
/**
* Value returned by `downgradePattern`: the rewritten pattern together with the
* offsets of the groups that should be considered atomic.
*/
export type DowngradedRegexPattern = Readonly<{
/**
* Offsets to groups which should be considered atomic.
*
* E.g. `(?=(a))\1` => `(?=(a))(?:a)` with atomic group offset 7.
*
* In that example, 7 is the zero-based index of the opening `(` of the inserted
* `(?:a)` within the downgraded `pattern`.
*/
atomicGroupOffsets: ReadonlySet<number>;
/**
* The downgraded pattern.
*/
pattern: string;
}>;
/**
* Return shape of `getRawWithoutCapturingGroupsOrLookaheads`.
*/
export type RawWithoutCapturingGroupsOrLookaheads = Readonly<{
// Maps each reference node to a number.
// NOTE(review): by name an offset, presumably into `result` — confirm against the implementation.
referencesWithOffset: ReadonlyMap<Reference<MyFeatures>, number>;
// NOTE(review): by name, the pattern text with capturing groups and lookaheads
// removed or rewritten — the exact transformation is not visible in this declaration file.
result: string;
}>;
/**
* Takes a parsed root node and returns a boolean.
*
* NOTE(review): by name, `true` when the pattern has no start anchor. `downgradePattern`
* documents prepending `[^]*` to patterns without a start anchor, so this is presumably
* the check behind that step — confirm; the exact rule is not visible in this declaration file.
*/
export declare function isMissingStartAnchor(rootNode: MyRootNode): boolean;
/**
* Takes a parsed root node and returns a string `result` plus a map from reference
* nodes to numbers (see `RawWithoutCapturingGroupsOrLookaheads`).
*
* NOTE(review): by name, `result` is the pattern with capturing groups and lookaheads
* stripped or rewritten — confirm against the implementation.
*/
export declare function getRawWithoutCapturingGroupsOrLookaheads(rootNode: MyRootNode): RawWithoutCapturingGroupsOrLookaheads;
/**
* Downgrade the provided pattern if needed so that it is supported for checking.
*
* A downgraded pattern may introduce false positives.
* NOTE(review): presumably a false positive here means a pattern being reported as
* vulnerable when the original is not — confirm against the checker.
*
* The rewrites below change what the pattern matches (a back-reference becomes a copy
* of the referenced group, and `[^]*` may be prepended), so the result is a form for
* analysis and not a drop-in replacement for the original pattern.
*
* This does the following:
* - If the pattern contains a reference to a group that lives in a positive lookahead,
* the reference will be replaced with a non-capturing group that contains the referenced group.
* - If the pattern contains a reference to a group that is a non-finite size,
* the reference will be replaced with a non-capturing group that contains the referenced group.
* - If the pattern does not contain a start anchor then `[^]*` will be prepended, and the remainder
* wrapped in a non-capturing group if needed.
*
* Takes a single `DowngradePatternConfig` object (`pattern` and `unicode`).
*
* @returns The downgraded pattern and the offsets of the groups to be considered atomic.
*/
export declare function downgradePattern({ pattern, unicode, }: DowngradePatternConfig): DowngradedRegexPattern;