`Diagnostics` is the result type of a check. In Scala, it is a
But in TypeScript, it is a serialized object.
Either way, both carry the same information, which is described below.
`Diagnostics` has the following fields.

- `source` is the given regular expression's source string.
- `flags` is the given regular expression's flags string.
- `checker` is the checker type used (one of
Known that already,
`Diagnostics` has three statuses.

- `safe` means the given regular expression seems safe, at least in this check.
- `vulnerable` means a vulnerability was found in the given regular expression.
- `unknown` means something went wrong during the check (timeout, cancel, or error). It has the `error` field, which describes the reason for this result.
A `vulnerable` status diagnostics has the
This field contains the matching time complexity estimated in this check.
There are five

- `linear` is a safe matching time complexity.
- `polynomial` is a vulnerable matching time complexity. It has an additional field called `degree`, which represents the maximum degree of the matching time polynomial.
- `exponential` is a vulnerable matching time complexity. If the complexity is exponential, you must fix the regular expression as soon as possible: it can trigger a matching time explosion even against a very short string (length < 100).
A `vulnerable` status diagnostics also has the `attack` field. It contains the attack string obtained by this check.
The attack string is a string that triggers the matching time explosion, known as a ReDoS vulnerability.
It is a string with a repetition structure. It consists of the `prefix`, one or more pumps, the `suffix`, and the `base` repetition count.
Each pump consists of a repeating substring and its individual repetition count `n`. The actual string has the form
`prefix + repeating.repeat(base + n) + ... + suffix`, with one repeated block per pump.
Note that the attack string is computed theoretically; because of optimizations in the real matching implementation, it may not actually trigger the matching time explosion. To guard against this case, you should use the recall validation, which runs the real engine on the attack string.
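The attack string structure and the recall check described above, as an added JavaScript example that is not recheck's own code; the `sampleAttack` object shape, the quadratic regex `/^a*a*$/`, and the helper names are this example's assumptions:

```javascript
// Added example (not recheck's own code): a small model of the attack string
// described above, plus a simple recall check that runs the real regex engine.
// The object shape below is this example's own assumption, not recheck's API.

// Constructed attack description for the quadratic regex /^a*a*$/:
// the pump "a" is repeated base + n times and "!" makes the match fail,
// which forces the engine to backtrack over every split of the a's.
const sampleAttack = {
  prefix: "",
  pumps: [{ repeating: "a", n: 1000 }], // one pump: substring + its own count
  suffix: "!",
  base: 0, // base repetition count shared by all pumps
};

// Build prefix + repeating.repeat(base + n) + ... + suffix from the pieces.
// `extra` is added to every pump's count so callers can grow the string.
function buildAttackString(attack, extra = 0) {
  const middle = attack.pumps
    .map((p) => p.repeating.repeat(attack.base + p.n + extra))
    .join("");
  return attack.prefix + middle + attack.suffix;
}

// Recall check: run the real engine on the attack string and report whether
// the matching time stayed within the budget. JavaScript cannot interrupt a
// running regex, so keep the string small enough to be safe on the host.
function recall(source, flags, attackString, budgetMs) {
  const re = new RegExp(source, flags);
  const start = performance.now(); // global in Node.js >= 16 and browsers
  const matched = re.test(attackString);
  const elapsedMs = performance.now() - start;
  return { matched, elapsedMs, withinBudget: elapsedMs <= budgetMs };
}

// Measure how matching time grows as the pumps get longer: a quadratic
// regex should show roughly 4x the time when the pump count doubles.
function growthProfile(source, flags, attack, extras) {
  return extras.map((extra) => {
    const s = buildAttackString(attack, extra);
    const { elapsedMs } = recall(source, flags, s, Infinity);
    return { length: s.length, elapsedMs };
  });
}

console.log(buildAttackString(sampleAttack).length); // 1001
console.log(growthProfile("^a*a*$", "", sampleAttack, [0, 1000, 3000]));
```

A recall that stays fast is not proof of safety; it only means this engine's optimizations absorbed this particular attack string.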
`hotspot` is another interesting field in a `vulnerable` status diagnostics.
It shows the hotspots in the given regular expression. A hotspot is a substring of the regular expression that is executed many times against the attack string.
It helps you locate the part of the regular expression to rewrite so that it becomes safe.