/^(https?://)?([a-zA-Z0-9-]+.)*[a-zA-Z0-9-]+.[a-zA-Z]{2,6}(:[0-9]+)?(/.*)?$/ is Unsafe! WARNING: This check has both false positives and false negatives. Use vuln-regex-detector for improved accuracy.
Yes. Your regex may expose you to a ReDoS attack because of catastrophic, exponential-time backtracking in the regular expression engine. For example, if you write a vulnerable regex for email checking, attackers can easily mount a DoS attack against you through the login page.
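Sure, evaluate this code in your browser console (F12) or the Node REPL:
// The group (.*) is itself repeated up to 32000 times, and the input never matches [bc].
const r = /(.*){1,32000}[bc]/i;
r.test('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
But be aware that the tab will freeze forever.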
/^[a-zA-Z0-9_]+([.-][a-zA-Z0-9_]+)*$/ This regex is meant to validate user logins, allowing alphanumeric characters with dots or hyphens in between. The nested repetition of groups could lead to performance issues.
/^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$/ This regex validates email addresses. The combination of multiple quantifiers and character classes for both the local part and domain part of the email can create performance issues with certain inputs.
/^(https?://)?([a-zA-Z0-9-]+.)*[a-zA-Z0-9-]+.[a-zA-Z]{2,6}(:[0-9]+)?(/.*)?$/ This regex is aimed at validating URLs. However, the nested groups and multiple quantifiers (* and +) for different URL segments can lead to excessive backtracking, especially with malformed or very long inputs.
/^([0-9]{1,3}.){3}[0-9]{1,3}$/ This regex is designed to validate IPv4 addresses. The repeated groups with quantifiers can be a source of performance degradation, especially if someone submits excessively long sequences of numbers and dots.
/^([a-fA-F0-9]{64})+$/ Intended to validate a SHA-256 hash, this regex can cause issues because of the + quantifier at the end, making it susceptible to long, repetitive, non-matching inputs.
/^([0-9]{4}-[0-9]{2}-[0-9]{2})+$/ This regex is for validating dates in the YYYY-MM-DD format. The use of + at the end can lead to issues with long, non-matching inputs.
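The descriptions above point at nested groups and quantifiers. One common way to flag that shape is a star-height heuristic, sketched here as an added example (not the checker's own code; `hasNestedQuantifier` and the two constructed patterns are assumptions for illustration). It also shows why a check of this kind has both false positives and false negatives.

```javascript
// Added example: hypothetical star-height heuristic over a regex source string.
function hasNestedQuantifier(source) {
  const stack = [{ inner: false }]; // one frame per open group; inner = contains a repeat
  let closedInner = false;          // previous atom was a group that contains a repeat
  for (let i = 0; i < source.length; i++) {
    const ch = source[i];
    let repeat = ch === '*' || ch === '+';
    if (ch === '\\') {
      i++;                                    // escaped character is a plain atom
    } else if (ch === '[') {                  // skip a whole character class
      for (i++; i < source.length && source[i] !== ']'; i++) if (source[i] === '\\') i++;
    } else if (ch === '(') {
      stack.push({ inner: false });
      if (source[i + 1] === '?') i++;         // (?: (?= (?! prefix, not a quantifier
    } else if (ch === ')') {
      if (stack.length === 1) throw new SyntaxError('unbalanced ")"');
      closedInner = stack.pop().inner;
      if (closedInner) stack[stack.length - 1].inner = true;
      continue;                               // keep closedInner for the next character
    } else if (ch === '{') {
      const m = /^\{(\d+)(,(\d*))?\}/.exec(source.slice(i));
      if (m) {
        const max = m[2] === undefined ? +m[1] : m[3] === '' ? Infinity : +m[3];
        repeat = max > 1;                     // {1} and {0,1} do not repeat
        i += m[0].length - 1;
      }
    }
    if (repeat && closedInner) return true;   // quantified group with a repeat inside
    if (repeat) stack[stack.length - 1].inner = true;
    closedInner = false;
  }
  return false;
}

// Patterns copied from this page, exactly as they appear there.
const pagePatterns = [
  '(.*){1,32000}[bc]',
  '^[a-zA-Z0-9_]+([.-][a-zA-Z0-9_]+)*$',
  '^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$',
  '^(https?://)?([a-zA-Z0-9-]+.)*[a-zA-Z0-9-]+.[a-zA-Z]{2,6}(:[0-9]+)?(/.*)?$',
  '^([0-9]{1,3}.){3}[0-9]{1,3}$',
  '^([a-fA-F0-9]{64})+$',
  '^([0-9]{4}-[0-9]{2}-[0-9]{2})+$',
];
const flagged = pagePatterns.filter(hasNestedQuantifier);
// Constructed patterns (not from the page) showing both error directions.
const falsePositive = '^(a+b)*$'; // nested repeat, but only one way to match any input
const falseNegative = '^(a|a)*$'; // no nested repeat, yet exponential backtracking
```

The heuristic flags six of the seven patterns taken from this page; the email pattern has no quantified group, so it is not flagged.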