Am 01.08.2012 20:40, schrieb Andres Riancho:
> Ping! Someone can help me out?
may be this helps:
https://github.com/EnDe/ReDoS
not for python, but you get at least some regex and patterns ;-)
Achim
>
> On Thu, Jul 26, 2012 at 1:59 PM, Andres Riancho
> <andres.rian...@gmail.com> wrote:
>> Lists,
>>
>> I'm trying to write a unittest for our redos audit plugin [0] that
>> aims to find regular expression denial of service as explained here
>> [1]. My problem at this point, and this is why I'm contacting you, is
>> that I know for a fact that both PHP and Python are safe against this
>> vulnerability (because of their regex engines being safe), but I want
>> to have a unittest that really verifies that the plugin works and can
>> identify the vulnerability... which programming language should I use
>> to code the vulnerable script?
>>
>> Thanks!
>>
>> [0]
>> https://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/audit/redos.py
>> [1]
>> https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
