s0md3v/redos.py

## redos.py
#!/usr/bin/env python3

import os, re, sys, glob, math, warnings

end = '\033[0m'
red = '\033[91m'
green = '\033[92m'
info = '\033[93m[!]\033[0m'
good = '\033[92m[+]\033[0m'
line = red + ('-' * 100) + end

warnings.filterwarnings("ignore")
values = set()
variablePattern = re.compile(r'''(?m)(['"`]|\'\'\'|""")([.\s\S]*?)(?<!\\)\1''')

def reader(path):
    with open(path, 'r') as f:
        result = [line for line in f]
        return ''.join(result)

def isRegex(string):
    try:
        re.compile(variable)
        if re.search(r'\{\d+,\d+\}|\*|\+', string):
            return True
    except re.error:
        return False

files = []
path = os.getcwd()
for (dirpath, dirnames, filenames) in os.walk(path):
    result = [dirpath + '/' + file for file in filenames]
    files.extend(result)

for file in files:
    if '.git' not in file and '__pycache__' not in file:
        content = reader(file)
        matches = re.finditer(variablePattern, content)
        if matches:
            for match in matches:
                variable = match.group(2)
                if variable.startswith('/'):
                    variable = variable.lstrip('/')
                if variable.endswith('\\'):
                    variable = variable.rstrip('\\')
                if '(?i:' in variable:
                    variable = variable.replace('(?i:', '(')
                if isRegex(variable):
                    if re.search(r'(\{\d+,\d+\}|\*|\+)\)(\{\d+,\d+\}|\*|\+)', variable):
                        print (red + '+ VULNERABILITY DETECTED' + end)
                        print ('  %s-%s File%s %s' % (green, dgreen, end, file))
                        print ('  %s-%s Regex%s %s' % (green, dgreen, end, variable))
                        print ()
	#!/usr/bin/env python3

	import os, re, sys, glob, math, warnings

	end = '\033[0m'
	red = '\033[91m'
	green = '\033[92m'
	info = '\033[93m[!]\033[0m'
	good = '\033[92m[+]\033[0m'
	line = red + ('-' * 100) + end

	warnings.filterwarnings("ignore")
	values = set()
	variablePattern = re.compile(r'''(?m)(['"`]\|\'\'\'\|""")([.\s\S]*?)(?<!\\)\1''')

	def reader(path):
	with open(path, 'r') as f:
	result = [line for line in f]
	return ''.join(result)

	def isRegex(string):
	try:
	re.compile(variable)
	if re.search(r'\{\d+,\d+\}\|\*\|\+', string):
	return True
	except re.error:
	return False

	files = []
	path = os.getcwd()
	for (dirpath, dirnames, filenames) in os.walk(path):
	result = [dirpath + '/' + file for file in filenames]
	files.extend(result)

	for file in files:
	if '.git' not in file and '__pycache__' not in file:
	content = reader(file)
	matches = re.finditer(variablePattern, content)
	if matches:
	for match in matches:
	variable = match.group(2)
	if variable.startswith('/'):
	variable = variable.lstrip('/')
	if variable.endswith('\\'):
	variable = variable.rstrip('\\')
	if '(?i:' in variable:
	variable = variable.replace('(?i:', '(')
	if isRegex(variable):
	if re.search(r'(\{\d+,\d+\}\|\\|\+)\)(\{\d+,\d+\}\|\\|\+)', variable):
	print (red + '+ VULNERABILITY DETECTED' + end)
	print (' %s-%s File%s %s' % (green, dgreen, end, file))
	print (' %s-%s Regex%s %s' % (green, dgreen, end, variable))
	print ()