Description
Fuzzing has the potential to detect ReDoS attack opportunities.
Example: Found vulnerability in sqlparse library.
Expected behavior
Now we could write a test like:
boolean test(String str) {
if (Pattern.compile("a|a*").matcher(str).matches()) {
return true;
}
return false;
}
All tests which are marked as timeout can be recognized as a bad input.
Description
Fuzzing has the potential to detect ReDoS attack opportunities.
Example: Found vulnerability in sqlparse library.
Expected behavior
Now we could write a test like:
All tests which are marked as timeout can be recognized as a bad input.