Skip to content

A list of common regex patterns which are safe from ReDos attack ( regular expression denial of service )

License

Notifications You must be signed in to change notification settings

phoenixdevio/safe-regex-patterns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Using safe-regex to check your patterns

  1. npm i

  2. you should add your custom patterns in safe.js file, and in patterns object.

  3. node safe.js

Safe Patterns

  • en_label : /^[a-zA-Z0-9-_ ]{0,250}$/

  • unicode_label : /^[\s\w\u0600-\u06FFs]{0,250}$/

  • label : /^[\s\w\u0600-\u06FFs]{0,250}$/

  • publicKey : /^[\s\d\w]{0,3000}$/

  • description : /^[\s\w\u0600-\u06FFs]{0,5000}$/

  • email : /^[\w-.]{1,50}@[\w-.]{1,50}\.[\w-.]{1,50}$/

  • mobile : /^((\+[0-9]{1,2})|0)9[0-9]{9}$/

  • number : /^[0-9]*$/

  • complexWord : /^[\s\d\w\u0600-\u06FFs_+=:!@#$%^&*()+.\/\/-]*$/

  • password : /^[\s\d\w\u0600-\u06FFs_+=:;!@#$%^&*()+<>,.\/-]{8,16}$/

  • password16 : /^[\s\d\w\u0600-\u06FFs_+=:;!@#$%^&*()+<>,.\/\/-]{16,32}$/

  • passwordN : /^[\s\d\w\u0600-\u06FFs_+=:;!@#$%^&*()+<>,.\/\/-]{8,}$/

  • alphaNumeric : /^[\w\d]+$/

  • license : /^[\w\d]{25}$/

  • vpnHexKey : /^[a-fA-F\d]{64}$/

  • vpnHexIV : /^[a-fA-F\d]{32}$/

  • vpnPassword : /^[A-Za-z0-9@#$%^&!+=]{8,16}$/

Un-Safe Patterns

Note: Use Atomic group to solve this(or use re2 or validator.js)

  • link : /^(?:http(s)?:\/\/)?[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~:/?#[\]@!\$&'\(\)\*\+,;=.]+$/

StackOverflow related Question

https://stackoverflow.com/questions/63127145/safe-regex-patterns-from-redos-attack

Resources

https://regex101.com/

https://jex.im/regulex

https://javascript.info/regexp-catastrophic-backtracking#preventing-backtracking

https://www.smashingmagazine.com/2019/02/regexp-features-regular-expressions/

https://medium.com/swlh/exploiting-redos-d610e8ba531

About

A list of common regex patterns which are safe from ReDos attack ( regular expression denial of service )

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published