NicolaasWeideman / RegexStaticAnalysis
A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.
☆110Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for RegexStaticAnalysis
- ☆141Updated last year
- An automated tool for the detection of regexes' slow-matching vulnerabilities.☆154Updated 2 years ago
- Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.☆320Updated 2 years ago
- A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-con…☆58Updated 6 years ago
- A delta debugger for JavaScript☆51Updated 2 years ago
- ☆28Updated last month
- Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.☆53Updated last month
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆42Updated 4 months ago
- This is the repository for JÄk. I created it as prototype during my masterthesis.☆30Updated 6 years ago
- A static analysis API for finding deserialization attack gadgets☆38Updated 2 years ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆87Updated this week
- WALA analyses and tools that are implemented in JavaScript☆82Updated 8 years ago
- TaintFlow, a framework for JavaScript dynamic information flow analysis.☆17Updated last year
- An extended Node.js runtime with additional security mechanisms built-in. Protects your Node.js applications from injection attacks such …☆31Updated 3 years ago
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps.☆33Updated 8 years ago
- OWASP WAP - Web Application Protection Project☆11Updated 5 years ago
- A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and sup…☆190Updated 4 months ago
- Type Analyzer for JavaScript☆194Updated 4 years ago
- Generic SAST Library☆125Updated this week
- ☆27Updated 2 years ago
- Content released at NorthSec 2018 for my talk on prototype pollution☆515Updated 5 months ago
- Automatically Preventing Code Injection Attacks on Node.js☆78Updated 2 years ago
- Discussion area for security aspects of ECMAScript☆64Updated 6 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆88Updated 6 years ago
- ☆18Updated 5 years ago
- RegEx Denial of Service (ReDos) Scanner☆162Updated 7 years ago
- Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s…☆16Updated 8 months ago
- Testability Pattern Catalogs for SAST☆29Updated 8 months ago
- Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications (NDSS 2022)☆23Updated 9 months ago
- List of Trusted Types bypasses☆86Updated 7 months ago