Scripts to drive vulnerable regex analysis for different granularities of inputs.
- `check-repo.pl`: Check a GitHub repo.
- `check-tree.pl`: Check a tree of files.
- `check-file.pl`: Check a file.
- `check-regex.pl`: Check a regex.
Input format: JSON object with keys:
- 'url': The root of the tree whose files we should test.
- ['cloneRepo_type']: 'git', 'svn', etc. Otherwise we'll try all possibilities.
- ['cloneRepo_timeout']: how long to wait before giving up on the clone, in seconds.
- ['X']: Parameters for `check-tree.pl`.
Input format: JSON object with keys:
- 'root': The root of the tree whose files we should test.
- 'X': Parameters for `check-file.pl`.
Input format: JSON object with keys:
- 'file': The name of the file whose regexes we should extract.
- ['extractRegexes_X']: where X is one of the fields for `extract-regexes.pl`.
- ['X']: Parameters for `check-regex.pl`.
Input format: JSON object with keys:
- 'pattern': The regex pattern to test.
- ['detectVuln_X']: where X is one of the fields for `detect-vuln.pl`.
- 'validateVuln_X': where X is one of the fields for `validate-vuln.pl`.
These scripts set appropriate limits by default, e.g. on `detectVuln_memoryLimit` (8GB) and `detectVuln_timeLimit` (60 seconds).
- Set the environment variable `VULN_REGEX_DETECTOR_ROOT` to the repo root.
- You must have run the `configure` script in the repo root.
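The sketch below is an added example, not code from this project. It checks a query against the key layout listed above before it is handed to a driver script, reporting which script each key would reach and which keys match no script, such as a misspelled limit. It assumes each script reads only the keys listed for it and that a downstream script's required key is supplied by the script above it; `LAYOUT`, `route_query` and the sample query are hypothetical names and constructed data.

```python
import json

# Key layout per script, transcribed from the input formats listed above.
# "prefixes" are the optional "<prefix>X" families; "next" receives pass-through keys.
LAYOUT = {
    "check-repo.pl": {"required": ["url"], "own": ["cloneRepo_type", "cloneRepo_timeout"],
                      "prefixes": [], "next": "check-tree.pl"},
    "check-tree.pl": {"required": ["root"], "own": [], "prefixes": [],
                      "next": "check-file.pl"},
    "check-file.pl": {"required": ["file"], "own": [], "prefixes": ["extractRegexes_"],
                      "next": "check-regex.pl"},
    "check-regex.pl": {"required": ["pattern"], "own": [],
                       "prefixes": ["detectVuln_", "validateVuln_"], "next": None},
}


def route_query(entry_script, query):
    """Return ({script: {key: value}}, [unrouted keys]) for a query given to entry_script."""
    missing = [k for k in LAYOUT[entry_script]["required"] if k not in query]
    if missing:
        raise ValueError(f"{entry_script} query lacks required key(s): {missing}")
    routed, remaining = {}, dict(query)
    script = entry_script
    while script is not None:
        spec = LAYOUT[script]
        names = set(spec["own"])
        if script == entry_script:
            # Assumption: only the entry script takes its required key from the caller.
            names |= set(spec["required"])
        taken = {k: v for k, v in remaining.items()
                 if k in names or any(k.startswith(p) for p in spec["prefixes"])}
        for k in taken:
            del remaining[k]
        routed[script] = taken
        script = spec["next"]
    return routed, sorted(remaining)


# Constructed sample: a check-file.pl query with one correct and one misspelled limit key.
SAMPLE = json.loads("""{
  "file": "src/router.js",
  "detectVuln_timeLimit": 60,
  "detectVul_timeLimit": 30
}""")

if __name__ == "__main__":
    routed, unrouted = route_query("check-file.pl", SAMPLE)
    print(json.dumps(routed, indent=2))
    print("unrouted (check spelling):", unrouted)
```

A key that ends up unrouted matches no script in this layout, so any limit it was meant to set would stay at its default.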