Commit bc09813

committed

Initial negative lookahead support

Removes some false positives.

1 parent d48af06 commit bc09813Copy full SHA for bc09813

File tree

5 files changed

+110

-17

lines changed

regexploit
- ast
  - sre.py
- bin
  - regexploit_js.py
tests

5 files changed

+110

-17

lines changed

`‎regexploit/ast/sre.py‎`

Lines changed: 77 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@`
`18`	`18`	`class SreOpParser:`
`19`	`19`	`def __init__(self):`
`20`	`20`	`self._groups = {}`
	`21`	`+ self.negative_lookahead: Optional[Character] = None`
`21`	`22`
`22`	`23`	`def parse_sre(self, pattern: str, flags: int = 0):`
`23`	`24`	`return self.sequence_or_singleton(sre_parse.parse(pattern, flags))`
`@@ -56,6 +57,8 @@ def from_MAX_REPEAT(`
`56`	`57`	`) -> Union[FiniteRepeat, InfiniteRepeat, Branch, None]:`
`57`	`58`	`minimum, maximum, elements = data`
`58`	`59`	`infinite = maximum is sre_constants.MAXREPEAT`
	`60`	`+ # TODO support negative lookahead before repeat with minimum = 0`
	`61`	`+ negative_lookahead = self.use_negative_lookahead()`
`59`	`62`	`repeatable = self.sequence_or_singleton(elements)`
`60`	`63`	`if repeatable is None:`
`61`	`64`	`return None`
`@@ -68,7 +71,30 @@ def from_MAX_REPEAT(`
`68`	`71`	`# Interesting (starry) optional sequences as branches (ab)? -> (ab\|)`
`69`	`72`	`return make_branch([repeatable, None])`
`70`	`73`	`if infinite:`
	`74`	`+ if (`
	`75`	`+ negative_lookahead is not None`
	`76`	`+ and minimum > 0`
	`77`	`+ and isinstance(repeatable, Character)`
	`78`	`+ ):`
	`79`	`+ return Sequence(`
	`80`	`+ [`
	`81`	`+ negative_lookahead & repeatable,`
	`82`	`+ InfiniteRepeat(repeatable, minimum - 1),`
	`83`	`+ ]`
	`84`	`+ )`
`71`	`85`	`return InfiniteRepeat(repeatable, minimum)`
	`86`	`+ if (`
	`87`	`+ negative_lookahead is not None`
	`88`	`+ and minimum > 0`
	`89`	`+ and maximum > 1`
	`90`	`+ and isinstance(repeatable, Character)`
	`91`	`+ ):`
	`92`	`+ return Sequence(`
	`93`	`+ [`
	`94`	`+ negative_lookahead & repeatable,`
	`95`	`+ FiniteRepeat(repeatable, minimum - 1, maximum - 1),`
	`96`	`+ ]`
	`97`	`+ )`
`72`	`98`	`return FiniteRepeat(repeatable, minimum, maximum)`
`73`	`99`
`74`	`100`	`def from_MIN_REPEAT(self, data):`
`@@ -79,30 +105,40 @@ def from_BRANCH(`
`79`	`105`	`) -> Union[Branch, FiniteRepeat, Character, None]:`
`80`	`106`	`# sre already transforms (a\|b\|c) -> [abc]`
`81`	`107`	`branches = data[1]`
`82`		`- return make_branch([self.sequence_or_singleton(branch) for branch in branches])`
`83`		`-`
`84`		`- @staticmethod`
`85`		`- def from_AT(at: SreConstant):`
	`108`	`+ negative_lookahead = self.use_negative_lookahead()`
	`109`	`+ processed_branches = []`
	`110`	`+ for branch in branches:`
	`111`	`+ self.negative_lookahead = negative_lookahead`
	`112`	`+ processed_branches.append(self.sequence_or_singleton(branch))`
	`113`	`+ self.negative_lookahead = None`
	`114`	`+ return make_branch(processed_branches)`
	`115`	`+`
	`116`	`+ def from_AT(self, at: SreConstant):`
`86`	`117`	`# TODO: handling for multiline`
`87`	`118`	`# TODO: handling for \\b`
	`119`	`+ self.use_negative_lookahead()`
`88`	`120`	`if at is sre_constants.AT_END:`
`89`	`121`	`return EndOfString()`
`90`	`122`	`return None`
`91`	`123`
`92`		`- @staticmethod`
`93`		`- def from_ANY(_: None) -> Character:`
	`124`	`+ def from_ANY(self, _: None) -> Character:`
	`125`	`+ if negative_lookahead := self.use_negative_lookahead():`
	`126`	`+ return negative_lookahead`
`94`	`127`	`return Character.ANY()`
`95`	`128`
`96`		`- @staticmethod`
`97`		`- def from_LITERAL(literal: int) -> Character:`
	`129`	`+ def from_LITERAL(self, literal: int) -> Character:`
	`130`	`+ if negative_lookahead := self.use_negative_lookahead():`
	`131`	`+ return Character.LITERAL(literal) & negative_lookahead`
`98`	`132`	`return Character.LITERAL(literal)`
`99`	`133`
`100`		`- @staticmethod`
`101`		`- def from_NOT_LITERAL(not_literal: int) -> Character:`
	`134`	`+ def from_NOT_LITERAL(self, not_literal: int) -> Character:`
	`135`	`+ if negative_lookahead := self.use_negative_lookahead():`
	`136`	`+ return (`
	`137`	`+ Character(literals={not_literal}, positive=False) & negative_lookahead`
	`138`	`+ )`
`102`	`139`	`return Character(literals={not_literal}, positive=False)`
`103`	`140`
`104`		`- @staticmethod`
`105`		`- def from_IN(data: List[SreOp]) -> Character:`
	`141`	`+ def from_IN(self, data: List[SreOp]) -> Character:`
`106`	`142`	`literals: Optional[Set[int]] = None`
`107`	`143`	`categories: Optional[Set] = None`
`108`	`144`	`positive = True`
`@@ -125,7 +161,9 @@ def from_IN(data: List[SreOp]) -> Character:`
`125`	`161`	`categories.add(Category[in_data.name[9:]])`
`126`	`162`
`127`	`163`	`if categories and covers_any(categories):`
`128`		`- return Character.ANY() if positive else None`
	`164`	`+ return self.from_ANY(None) if positive else None`
	`165`	`+ if negative_lookahead := self.use_negative_lookahead():`
	`166`	`+ return Character(literals, categories, positive) & negative_lookahead`
`129`	`167`	`return Character(literals, categories, positive)`
`130`	`168`
`131`	`169`	`def from_GROUPREF(self, ref: int):`
`@@ -139,6 +177,29 @@ def from_GROUPREF_EXISTS(_) -> None:`
`139`	`177`	`def from_ASSERT(_) -> None:`
`140`	`178`	`return None # No intention to implement this properly`
`141`	`179`
`142`		`- @staticmethod`
`143`		`- def from_ASSERT_NOT(_) -> None:`
`144`		`- return None # No intention to implement this properly`
	`180`	`+ def from_ASSERT_NOT(self, data) -> None:`
	`181`	`+ typ, ops = data`
	`182`	`+ if typ == 1:`
	`183`	`+ if len(ops) == 1:`
	`184`	`+ character_op = ops[0]`
	`185`	`+ if character_op[0] in (`
	`186`	`+ sre_constants.LITERAL,`
	`187`	`+ sre_constants.NOT_LITERAL,`
	`188`	`+ sre_constants.IN,`
	`189`	`+ ):`
	`190`	`+ negative_lookahead = self.use_negative_lookahead()`
	`191`	`+ not_assertion = self.parse_op(*character_op)`
	`192`	`+ if not_assertion and (assertion := not_assertion.negate()):`
	`193`	`+ self.negative_lookahead = assertion`
	`194`	`+ if negative_lookahead is not None:`
	`195`	`+ self.negative_lookahead &= negative_lookahead`
	`196`	`+ else:`
	`197`	`+ self.negative_lookahead = negative_lookahead`
	`198`	`+`
	`199`	`+ return None # No intention to implement this fully`
	`200`	`+`
	`201`	`+ def use_negative_lookahead(self) -> Optional[Character]:`
	`202`	`+ if self.negative_lookahead is not None:`
	`203`	`+ negative_lookahead = self.negative_lookahead`
	`204`	`+ self.negative_lookahead = None`
	`205`	`+ return negative_lookahead`

`‎regexploit/bin/regexploit_js.py‎`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`import os.path`
`4`	`4`	`import io`
`5`	`5`	`import json`
	`6`	`+import re`
`6`	`7`	`import subprocess`
`7`	`8`	`import sys`
`8`	`9`	`import traceback`
`@@ -27,10 +28,17 @@ def handle_line_from_node(line: str, output: TextOutput):`
`27`	`28`	`parsed = SreOpParser().parse_sre(pattern)`
`28`	`29`	`except:`
`29`	`30`	`try:`
`30`		`- parsed = SreOpParser().parse_sre(fix_js_regex(pattern))`
	`31`	`+ fixed = fix_js_regex(pattern)`
	`32`	`+ re.compile(fixed)`
`31`	`33`	`except:`
`32`	`34`	`print(f"Error parsing: {pattern} from {filename}\n")`
`33`	`35`	`return`
	`36`	`+ try:`
	`37`	`+ parsed = SreOpParser().parse_sre(fixed)`
	`38`	`+ except:`
	`39`	`+ print(f"Error in regexploit parsing: {pattern} from {filename}")`
	`40`	`+ print(traceback.format_exc())`
	`41`	`+ return`
`34`	`42`	`output.next()`
`35`	`43`	`try:`
`36`	`44`	`for redos in find(parsed):`

`‎tests/test_character.py‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -95,5 +95,11 @@ def test_category_category_covers_all():`
`95`	`95`	`assert from_regex(r"[\Dd\d]").is_any is True`
`96`	`96`
`97`	`97`
	`98`	`+def test_negative_lookahead():`
	`99`	`+ assert SreOpParser().parse_sre(r"(?![0248])(?!6)(?!a)(?!xyz123)\d") == from_regex(`
	`100`	`+ r"[13579]"`
	`101`	`+ )`
	`102`	`+`
	`103`	`+`
`98`	`104`	`def test_category_category_covers_none():`
`99`	`105`	`assert SreOpParser().parse_sre(r"[^x0-9\w\W]") is None`

`‎tests/test_redos.py‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -202,3 +202,11 @@ def test_optional_starry():`
`202`	`202`	`r = rs[0]`
`203`	`203`	`assert r.starriness == 4`
`204`	`204`	`assert r.repeated_character == from_regex(r"\d")`
	`205`	`+`
	`206`	`+`
	`207`	`+def test_negative_lookahead():`
	`208`	`+ # The final (?!c) isn't actually doing anything yet`
	`209`	`+ rs = find_redos(r"[abc]+(?!c)[abc]+(?!b)([abc]+[abc])(?!c)[abc]*x")`
	`210`	`+ r = rs[0]`
	`211`	`+ assert r.starriness == 4`
	`212`	`+ assert r.repeated_character == from_regex(r"a")`

`‎tests/test_repeat.py‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,16 @@ def test_character_class():`
`41`	`41`	`assert r.exact_character_class() == from_regex(r"a")`
`42`	`42`
`43`	`43`
	`44`	`+def test_negative_lookahead_infinite():`
	`45`	`+ r = SreOpParser().parse_sre(r"(?!b)[a-d]+")`
	`46`	`+ assert r == SreOpParser().parse_sre(r"[acd][a-d]*")`
	`47`	`+`
	`48`	`+`
	`49`	`+def test_negative_lookahead_finite():`
	`50`	`+ r = SreOpParser().parse_sre(r"(?!b)[a-d]{1,3}")`
	`51`	`+ assert r == SreOpParser().parse_sre(r"[acd][a-d]{0,2}")`
	`52`	`+`
	`53`	`+`
`44`	`54`	`def test_exponential_starriness():`
`45`	`55`	`r = from_regex(r"(?:(?:a{4,})*)+")`
`46`	`56`	`assert r.starriness == 111 # ((1 * 10) * 10) + 1`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit bc09813

File tree

5 files changed

5 files changed

`‎regexploit/ast/sre.py‎`

`‎regexploit/bin/regexploit_js.py‎`

`‎tests/test_character.py‎`

`‎tests/test_redos.py‎`

`‎tests/test_repeat.py‎`

0 commit comments