Skip to content

Latest commit

 

History

History
139 lines (114 loc) · 4.14 KB

regularexpressiondenialofservice.md

File metadata and controls

139 lines (114 loc) · 4.14 KB

Regular Expression Denial of Service (ReDOS)

org.openrewrite.java.security.RegularExpressionDenialOfService

ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.

Source

GitHub, Issue Tracker, Maven Central

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-java-security
  • version: 2.0.1

Example

{% tabs %} {% tab title="Test.java" %}

Before

{% code title="Test.java" %}

import java.util.regex.Pattern;
class Test {
    private static final Pattern testRe = Pattern.compile("(\\?.)*");
}

{% endcode %}

After

{% code title="Test.java" %}

import java.util.regex.Pattern;
class Test {
    private static final Pattern testRe = Pattern.compile(".*");
}

{% endcode %}

{% endtab %} {% tab title="Diff" %} {% code %}

--- Test.java
+++ Test.java
@@ -3,1 +3,1 @@
import java.util.regex.Pattern;
class Test {
-   private static final Pattern testRe = Pattern.compile("(\\?.)*");
+   private static final Pattern testRe = Pattern.compile(".*");
}

{% endcode %} {% endtab %} {% endtabs %}

Usage

This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-java-security:2.0.1 in your build file or by running a shell command (in which case no build changes are needed): {% tabs %} {% tab title="Gradle" %} {% code title="build.gradle" %}

plugins {
    id("org.openrewrite.rewrite") version("6.1.4")
}

rewrite {
    activeRecipe("org.openrewrite.java.security.RegularExpressionDenialOfService")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-security:2.0.1")
}

{% endcode %} {% endtab %} {% tab title="Maven POM" %} {% code title="pom.xml" %}

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.2.4</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.security.RegularExpressionDenialOfService</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-java-security</artifactId>
            <version>2.0.1</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

{% endcode %} {% endtab %}

{% tab title="Maven Command Line" %} {% code title="shell" %} You will need to have Maven installed on your machine before you can run the following command.

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
  -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-security:RELEASE \
  -Drewrite.activeRecipes=org.openrewrite.java.security.RegularExpressionDenialOfService

{% endcode %} {% endtab %} {% endtabs %}

Contributors

See how this recipe works across multiple open-source repositories

Moderne Link Image

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.