Is std::regex constructor safe?
Question
Just to make sure:
The constructors of std::basic_regex have to detect invalid expressions and throw an exception if it isn't correct. Right? So assuming I trust my STL implementer, I can pass arbitratry strings to it and I'll either get a valid regex object or an exception - no UB or something of that kind?
Does anyone know of buggy std::basic_regex implementations (EDIT: or other parts of the regex library) that are not robust against erroneous inputs?
1 answers
solution1
3 2019-03-07 13:21:20
Assuming the standard libraries do not have bugs (they do, as pointed out by PW) there is a more general attack called ReDoS as described by OWASP :
The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.
So I would at the very least limit the size of the allowed input so that your program cannot be DOS'd. Secondly, a general approach to test the robustness of the engine is through fuzzing. There are a variety of fuzzing libraries out there and some projects on GitHub that contain "naughty" strings that are explicitly meant for pen testing. You may find it worthwhile to fuzz the various engines to see where they fail.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.