NicolaasWeideman / RegexStaticAnalysis
A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.
☆109Updated 2 years ago
Alternatives and similar repositories for RegexStaticAnalysis:
Users that are interested in RegexStaticAnalysis are comparing it to the libraries listed below
- ☆143Updated 2 years ago
- An automated tool for the detection of regexes' slow-matching vulnerabilities.☆156Updated 3 years ago
- A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and sup…☆199Updated 2 months ago
- Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.☆54Updated 2 months ago
- A static analysis API for finding deserialization attack gadgets☆38Updated 2 years ago
- Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.☆321Updated 3 years ago
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆44Updated 9 months ago
- Testability Pattern Catalogs for SAST☆29Updated last month
- Generic SAST Library☆130Updated 4 months ago
- A delta debugger for JavaScript☆51Updated 2 years ago
- WALA analyses and tools that are implemented in JavaScript☆82Updated 8 years ago
- Type Analyzer for JavaScript☆195Updated last month
- A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-con…☆59Updated 7 years ago
- Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)☆59Updated 2 weeks ago
- Performant taint analysis for Node.js☆49Updated 7 months ago
- Static checker for Java☆86Updated 2 months ago
- A dynamic symbolic analysis tool for Java☆116Updated 5 years ago
- Creates a CFG from JavaScript source code.☆68Updated 6 months ago
- The official repo of Doop, the declarative pointer analysis framework.☆173Updated 3 weeks ago
- Phosphor: Dynamic Taint Tracking for the JVM☆173Updated 3 months ago
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps.☆33Updated 8 years ago
- Collection of python helper API's for interacting with LGTM.com in ways the official API doesn't support.☆23Updated 2 years ago
- TC39 proposal for mitigating prototype pollution☆46Updated last year
- Analyse package dependency networks at the call graph level☆93Updated last year
- An automatic testing tool for Java software☆25Updated 6 years ago
- A symbolic Java virtual machine for program analysis, verification and test generation☆109Updated 2 months ago
- List of Trusted Types bypasses☆91Updated 11 months ago
- An extensible, heuristic-based vulnerability scanning tool for installed npm packages☆50Updated 3 years ago
- Automatically Preventing Code Injection Attacks on Node.js☆78Updated 2 years ago
- 🌍 Normalized repository URLs for every package in the npm registry. Updated daily.☆82Updated this week