Module PolynomialReDoS
Provides default sources, sinks and sanitizers for detecting “polynomial regular expression denial of service (ReDoS)” vulnerabilities, as well as extension points for adding your own.
Import path
import semmle.python.security.dataflow.PolynomialReDoSCustomizations
Imports
Make<RegexTreeView::Impl> | A parameterized module implementing the analysis described in the above papers. |
Classes
ConstCompareAsSanitizerGuard | A comparison with a constant, considered as a sanitizer-guard. |
RegexExecutionAsSink | A regex execution, considered as a flow sink. |
RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source. |
Sanitizer | A sanitizer for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
Sink | A data flow sink for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
Source | A data flow source for “polynomial regular expression denial of service (ReDoS)” vulnerabilities. |
Aliases
StringConstCompareAsSanitizerGuard | DEPRECATED: Use ConstCompareAsSanitizerGuard instead. |