Enhancing ReDoS Detection and Uncovering Additional Bugs with Dlint and r2c

Original Post: Improving ReDoS detection and finding more bugs using Dlint and r2c

This post is part of a series discussing ReDoS (Regular Expression Denial of Service) vulnerabilities. It begins by guiding users to install the "bento-cli" tool and referencing the first post in the series for foundational understanding of ReDoS bugs.

The author highlights the use of the r2c distributed analysis platform for code analysis, triaging findings, and improving tools like Dlint, a tool that encourages coding best practices in Python. They further explore the detection of false positives in ReDoS vulnerability analysis. They provide an example of a regular expression where the tool mistakenly detected both catastrophic and non-catastrophic scenarios, and describe the fix made to Dlint to improve detection accuracy.

The post details a specific ReDoS vulnerability (CVE-2020-6817) found in Mozilla's Bleach library, providing a technical explanation of why the vulnerability occurs and how it can be exploited using a crafted payload. Enabling style attributes on HTML elements is highlighted as a critical factor for this bug.

It concludes with a list of additional ReDoS bugs found using the r2c platform and provides resources for further reading on preventing ReDoS and understanding catastrophic backtracking in regular expressions.
