Module PolynomialReDoS
Provides default sources, sinks and sanitizers for detecting “polynomial regular expression denial of service (ReDoS)” vulnerabilities, as well as extension points for adding your own.
Import path
import semmle.python.security.dataflow.PolynomialReDoSCustomizations
Imports
Make<RegexTreeView::Impl> |
A parameterized module implementing the analysis described in the above papers. |
Classes
RegexExecutionAsSink |
A regex execution, considered as a flow sink. |
RemoteFlowSourceAsSource |
A source of remote user input, considered as a flow source. |
Sanitizer |
A sanitizer for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
SanitizerGuard |
DEPRECATED: Use |
Sink |
A data flow sink for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
Source |
A data flow source for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
StringConstCompareAsSanitizerGuard |
A comparison with a constant string, considered as a sanitizer-guard. |