#java# Specification: Regular Expression DoS, proposed addition and revision #17
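Regular expressions (regex) are frequently subject to denial-of-service (DoS) attacks, known as ReDoS. Depending on how a particular regular expression is defined, the regex engine may spend a large amount of time analyzing certain strings, or even crash.

Vulnerable code:

Solution:

- Limit the length of the content processed by the regular expression.
- Remove ambiguity from the regular expression and avoid nesting repetition operators. For example, the expression `^(a+)+$` should be replaced with `^a+$`.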
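The two mitigations listed in the issue, shown together as an added Java example (not part of the original issue or the project's own code). The class name `RedosDemo`, the 64-character `MAX_INPUT_LENGTH` and the sample inputs are assumptions made for illustration; `String.repeat` needs Java 11 or later.

```java
import java.util.regex.Pattern;

public class RedosDemo {
    // Pattern from the issue: the nested repetition lets the same run of 'a'
    // be split between the inner and outer loop in many different ways.
    static final Pattern NESTED = Pattern.compile("^(a+)+$");
    // Replacement from the issue: accepts the same strings without nesting.
    static final Pattern SIMPLE = Pattern.compile("^a+$");
    // Assumed limit for this example; choose one that fits the validated field.
    static final int MAX_INPUT_LENGTH = 64;

    // Hardened check: over-long input is rejected before the regex engine runs.
    static boolean isValid(String input) {
        if (input == null || input.length() > MAX_INPUT_LENGTH) {
            return false;
        }
        return SIMPLE.matcher(input).matches();
    }

    // Measures one match attempt so the two patterns can be compared.
    static long timeMatchNanos(Pattern pattern, String input) {
        long start = System.nanoTime();
        pattern.matcher(input).matches();
        return System.nanoTime() - start;
    }

    public static void main(String[] args) {
        // Constructed input: a short run of 'a' plus one character that makes
        // the match fail. On a backtracking engine the nested pattern can need
        // a number of steps that grows exponentially with the run length; the
        // measured gap depends on the JDK version.
        String nearMiss = "a".repeat(22) + "!";
        System.out.printf("^(a+)+$ : %d us%n", timeMatchNanos(NESTED, nearMiss) / 1_000);
        System.out.printf("^a+$    : %d us%n", timeMatchNanos(SIMPLE, nearMiss) / 1_000);

        // Constructed inputs for the hardened check.
        System.out.println(isValid("aaaa"));              // only 'a', within the limit
        System.out.println(isValid(nearMiss));            // contains a non-'a' character
        System.out.println(isValid("a".repeat(100_000))); // exceeds MAX_INPUT_LENGTH
    }
}
```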