detect possibly catastrophic, exponential-time regular expressions
JavaScript
Switch branches/tags
Latest commit 93d23dd Mar 19, 2015 @substack substack 0.12
Permalink
Failed to load latest commit information.
example docs Jul 13, 2013
test formatting Mar 19, 2015
.travis.yml 0.12 Mar 19, 2015
LICENSE package.json etc Jul 13, 2013
index.js opts.limit Mar 19, 2015
package.json 1.1.0 Mar 19, 2015
readme.markdown document opts.limit Mar 19, 2015

readme.markdown

safe-regex

detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1

WARNING: This module merely seems to work given all the catastrophic regular expressions I could find scouring the internet, but I don't have enough of a background in automata to be absolutely sure that this module will catch all exponential-time cases.

browser support

build status

example

var safe = require('safe-regex');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));
$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

methods

var safe = require('safe-regex')

var ok = safe(re, opts={})

Return a boolean ok whether or not the regex re is safe and not possibly catastrophic.

re can be a RegExp object or just a string.

If the re is a string and is an invalid regex, returns false.

  • opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.

install

With npm do:

npm install safe-regex

license

MIT