ajinabraham.njsscan.dos.regex_injection.regex_injection_dos

ajinabraham

Author

unknown

Download Count*

GPLv3

License

User controlled data in RegExp() can make the application vulnerable to layer 7 DoS.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: regex_injection_dos
    patterns:
      - pattern-either:
          - pattern-inside: function ($REQ, $RES, ...) {...}
          - pattern-inside: function $FUNC($REQ, $RES, ...) {...}
          - pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
          - pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
          - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
      - pattern-either:
          - pattern: |
              $INP = <... $REQ.$PARAM ...>;
              ...
              $RE = new RegExp(<... $INP ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM.$BAR ...>;
              ...
              $RE = new RegExp(<... $INP ...>)
          - pattern: |
              new RegExp(<... $REQ.$PARAM ...>)
          - pattern: |
              new RegExp(<... $REQ.$PARAM.$BAR ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM ...>;
              ...
              $RE = $STR.search(<... $INP ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM.$FOO ...>;
              ...
              $RE = $STR.search(<... $INP ...>)
          - pattern: |
              $STR.search(<... $REQ.$PARAM ...>)
          - pattern: |
              $STR.search(<... $REQ.$PARAM.$BAR ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM ...>;
              ...
              $RE = $STR.match(<... $INP ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM.$FOO ...>;
              ...
              $RE = $STR.match(<... $INP ...>)
          - pattern: |
              $STR.match(<... $REQ.$PARAM ...>)
          - pattern: |
              $STR.match(<... $REQ.$PARAM.$BAR ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM ...>;
              ...
              $RE = $STR.split(<... $INP ...>)
          - pattern: |
              $INP = <... $REQ.$PARAM.$FOO ...>;
              ...
              $RE = $STR.split(<... $INP ...>)
          - pattern: |
              $STR.split(<... $REQ.$PARAM ...>)
          - pattern: |
              $STR.split(<... $REQ.$PARAM.$BAR ...>)
    message: User controlled data in RegExp() can make the application vulnerable to
      layer 7 DoS.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-400
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other

Short Link: https://sg.run/Xx3b