es-lint-security标记不安全的正则表达式 [英] es-lint-security flagging an unsafe regular expression
问题描述
我有一个正则表达式,看起来像这样 / ^ [A-Za-z。,'-]([A-Za-z。,'-] * [A-Za-z。 ,'-])?$ /
I have a regex that looks like this /^[A-Za-z.,'-]([A-Za-z.,' -]*[A-Za-z.,'-])?$/
我最近添加了 eslint-config-security 插件,由于 detect-unsafe-regex 规则。
I've recently added the eslint-config-security plugin and it has flagged the above regex as unsafe due to the detect-unsafe-regex rule.
没有说明为什么它不安全。
It does not say why it is unsafe.
有人可以告诉我为什么吗这是不安全的,我该怎么解决?
Can anyone tell me why this is unsafe and what I can do to fix it?
它运行此软件包
推荐答案
详细信息:
最后有一些时间,所以我将解释这里发生的事情。原因是灾难性的回溯。
我将以博客中的示例为例:
Details: Finally got some time so I'll explain what's happening here. The reason is catastrophic backtracking. I'll take the example from the blog:
您在执行([[A-Za-z。,'-] *?)这样的正则表达式引擎不会破坏系统。
You are doing something like this (x+x+)+y when doing this ([A-Za-z.,' -]*[A-Za-z.,'-]) x+x+ could've been limited to x+ but in your case, there is little difference between both the x. So a solution for you is to use ([A-Za-z.,' -]* ?) this way regex engine won't break down the system.
发生的情况在从博客中:
考虑正则表达式(x + x +)+ y。让我们看看当
将此正则表达式应用于xxxxxxxxxxy时会发生什么。前一个x +将匹配所有10 x
个字符。第二个x +失败。第一个x +然后回溯到9个
比赛,第二个x +拾取剩余的x。小组中有
现在匹配一次。该组重复但在第一个x +处失败。当y
失败时,正则表达式引擎回溯。该小组有一个迭代可以回溯到
。第二个x +仅匹配一个x,因此无法回溯
。但是第一个x +可以放弃一个x。第二个x +立即与
匹配xx。该组再次进行一次迭代,使下一次迭代失败,并且
y失败。当y失败时,正则表达式引擎回溯。该小组有
个迭代可以回溯到其中。第二个x +仅匹配一个x,
,因此它无法回溯。但是第一个x +可以放弃一个x。第二个
x +立即匹配xx。该组再次进行一次迭代,使下一个
失败,并且y失败。再次回溯,第二个x +现在具有
一个回溯位置,使其自身减少以匹配x。该小组第二次尝试
。第一个x +匹配,但第二个x +固定在字符串末尾的
处。再次回溯,该小组的
第一次迭代中的第一个x +将其自身减少为7个字符。第二个x +匹配
xxx。失败y,第二个x +减少为xx,然后减少为x。
Consider the regular expression (x+x+)+y. Let's see what happens when you apply this regex to xxxxxxxxxxy. The first x+ will match all 10 x characters. The second x+ fails. The first x+ then backtracks to 9 matches, and the second one picks up the remaining x. The group has now matched once. The group repeats but fails at the first x+.When y fails, the regex engine backtracks. The group has one iteration it can backtrack into. The second x+ matched only one x, so it can't backtrack. But the first x+ can give up one x. The second x+ promptly matches xx. The group again has one iteration, fails the next one, and the y fails. When y fails, the regex engine backtracks. The group has one iteration it can backtrack into. The second x+ matched only one x, so it can't backtrack. But the first x+ can give up one x. The second x+ promptly matches xx. The group again has one iteration, fails the next one, and the y fails. Backtracking again, the second x+ now has one backtracking position, reducing itself to match x. The group tries a second iteration. The first x+ matches but the second is stuck at the end of the string. Backtracking again, the first x+ in the group's first iteration reduces itself to 7 characters. The second x+ matches xxx. Failing y, the second x+ is reduced to xx and then x.
如果您在RegexBuddy的调试器中以10x字符串尝试此正则表达式,则
会花费2558步来找出最后一个y。对于11x
字符串,它需要5118步。对于12,需要10238个步骤。显然,我们
在这里具有O(2 ^ n)的指数复杂度。调试器
的速度是21倍,步幅为280万,诊断出灾难性的
回溯的坏情况。
If you try this regex on a 10x string in RegexBuddy's debugger, it'll take 2558 steps to figure out the final y is missing. For an 11x string, it needs 5118 steps. For 12, it takes 10238 steps. Clearly we have an exponential complexity of O(2^n) here. At 21x the debugger bows out at 2.8 million steps, diagnosing a bad case of catastrophic backtracking.
Regex引擎(如.NET)将永远继续下去,而其他人则
会因堆栈溢出而崩溃(如5.10之前的Perl)。堆栈
溢出在Windows上尤其令人讨厌,因为它们会使您的应用程序
消失而没有任何痕迹或解释。
Regex engines (like .NET) will keep going forever, while others will crash with a stack overflow (like Perl, before version 5.10). Stack overflows are particularly nasty on Windows since they tend to make your application vanish without a trace or explanation.
这篇关于es-lint-security标记不安全的正则表达式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
