Yes, it's exactly this, thanks for your help! Best regards,
Jardel Matias Em qua., 7 de fev. de 2024 às 13:32, Claudia <impinb...@gmail.com> escreveu: > You may be interested in the following links: > > - https://v8.dev/blog/non-backtracking-regexp > - > > https://es.discourse.group/t/safe-regex-engine-to-prevent-redos-attack/450/6 > - > > https://es.discourse.group/t/re2-consider-having-it-as-alternative-engine-choice/1388/15 > > V8 does impose a bound currently on some regexps, but not all. > > On Tuesday, February 6, 2024 at 4:59:04 AM UTC-8 jardelm...@gmail.com > wrote: > >> Recently, we have witnessed a surge in ReDoS (Regular Expression Denial >> of Service) issues, and the root cause behind these occurrences lies in the >> regex engine we employ for matching patterns. There is a library called >> re2, which serves as a wrapper for Google's re2 engine. This library >> resolves all regex patterns in linear time, albeit lacking support for >> backreferences and look-arounds. >> >> Upon researching this matter, it becomes evident that prominent projects >> are grappling with this problem. Languages such as Rust and Go have >> successfully mitigated these issues long ago. Considering the impact of >> ReDoS on Node.js, particularly its tendency to stall the event loop, it >> seems prudent to integrate this functionality into the Node.js codebase. >> >> For further insights into the severity of ReDoS vulnerabilities, you may >> refer to the following resources: >> >> >> https://snyk.io/blog/redos-vulnerabilities-in-npm-spikes-by-143-and-xss-continues-to-grow/ >> https://swtch.com/~rsc/regexp/regexp1.html >> >> To solve this problem maybe we can implementing a regex algorithm that >> operates in linear time, such as the Thompson implementation detailed in >> this link <https://swtch.com/~rsc/regexp/regexp-bytecode.c.txt>, is a >> worthwhile endeavor. >> >> A had open the issues in Node Js issues page, take a look >> https://github.com/nodejs/node/issues/51659 >> >> Best regards, >> >> Jardel Matias > > -- > -- > v8-dev mailing list > v8-dev@googlegroups.com > http://groups.google.com/group/v8-dev > --- > You received this message because you are subscribed to the Google Groups > "v8-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/v8-dev/e943bd00-788c-481d-96c3-653cad6473c6n%40googlegroups.com > <https://groups.google.com/d/msgid/v8-dev/e943bd00-788c-481d-96c3-653cad6473c6n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Facebook <https://facebook.com/francoatmega> | LinkedIn <https://linkedin.com/in/jardelmatias> | Twitter <https://twitter.com/jardelmatias> -- -- v8-dev mailing list v8-dev@googlegroups.com http://groups.google.com/group/v8-dev --- You received this message because you are subscribed to the Google Groups "v8-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CALumLY14xM6%3DOMCDjMuLsntSZwYGT9s1yYuWbrirmkggahTTjw%40mail.gmail.com.
