You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '\n'.
Some regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length n is proportional to nk or even 2n. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service ("DoS") attack by crafting an expensive input string for the regular expression to match.
Maybe even "<!--([^\s\n]|\s|\n)*?-->" works by preventing the ambiguity of the first and the other alternative matches, but the re.DOTALL approach definitely is smarter :)
Found by CodeQL:
intelmq/intelmq/bots/parsers/sucuri/parser.py
Line 25 in 6991597
Tracking issue for:
The text was updated successfully, but these errors were encountered: