diff --git a/bin/check-regex.pl b/bin/check-regex.pl
index 2ff9f40e..3f8dba43 100755
--- a/bin/check-regex.pl
+++ b/bin/check-regex.pl
@@ -207,7 +207,7 @@ sub queryCache {
 "result" => $PATTERN_UNKNOWN,
 };
- my $cacheClient = "$ENV{VULN_REGEX_DETECTOR_ROOT}/src/cache/client/cache-client.js";
+ my $cacheClient = "$ENV{VULN_REGEX_DETECTOR_ROOT}/src/cache/client/cli/cache-client.js";
 if (not -f $cacheClient) {
 &log("queryCache: Could not find client $cacheClient");
 return $unknownResponse;
diff --git a/bin/test/check-regex/causeDetectorTimeout-1.json b/bin/test/check-regex/causeDetectorTimeout-1.json
index 73e6f5ef..12d283d1 100644
--- a/bin/test/check-regex/causeDetectorTimeout-1.json
+++ b/bin/test/check-regex/causeDetectorTimeout-1.json
@@ -1 +1 @@
-{"pattern": "(a{1,40}){1,40}$", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2}
+{"pattern": "(a{1,40}){1,40}$", "validateVuln_language": "javascript", "detectVuln_timeLimit": 10, "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache":0}
diff --git a/bin/test/check-regex/edgecase-1.json b/bin/test/check-regex/edgecase-1.json
index c5d5447d..befcf80a 100644
--- a/bin/test/check-regex/edgecase-1.json
+++ b/bin/test/check-regex/edgecase-1.json
@@ -1 +1 @@
-{"pattern": "0", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2}
+{"pattern": "0", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache": 0}
diff --git a/bin/test/check-regex/unsafe-1.json b/bin/test/check-regex/unsafe-1.json
index 58186615..c71e510f 100644
--- a/bin/test/check-regex/unsafe-1.json
+++ b/bin/test/check-regex/unsafe-1.json
@@ -1 +1 @@
-{"pattern": "(a+)+$", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2}
+{"pattern": "(a+)+$", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache": 0}
diff --git a/bin/test/check-regex/unsafe-2.json b/bin/test/check-regex/unsafe-2.json
new file mode 100644
index 00000000..94150116
--- /dev/null
+++ b/bin/test/check-regex/unsafe-2.json
@@ -0,0 +1 @@
+{"pattern": ".+\\@.+\\..+", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache": 0}
diff --git a/bin/test/check-regex/unsafe-3.json b/bin/test/check-regex/unsafe-3.json
new file mode 100644
index 00000000..f03a79a9
--- /dev/null
+++ b/bin/test/check-regex/unsafe-3.json
@@ -0,0 +1 @@
+{"pattern": "(a|a)+$", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache": 0}
diff --git a/bin/test/check-regex/unsafe-4.json b/bin/test/check-regex/unsafe-4.json
new file mode 100644
index 00000000..32a76dd4
--- /dev/null
+++ b/bin/test/check-regex/unsafe-4.json
@@ -0,0 +1 @@
+{"pattern": ".+\\@.+\\..+a.+a.+a.+", "validateVuln_language": "javascript", "validateVuln_nPumps": 100000, "validateVuln_timeLimit": 2, "useCache": 0}
diff --git a/src/validate/validate-vuln.pl b/src/validate/validate-vuln.pl
index 15f1a8b1..6b108ae6 100755
--- a/src/validate/validate-vuln.pl
+++ b/src/validate/validate-vuln.pl
@@ -54,30 +54,40 @@ $json->{nPumps} = int($json->{nPumps}); $json->{timeLimit} = int($json->{timeLimit}); +my $result = $json; +$result->{timedOut} = 0; + # Compute an attackString from evilInput. -my $attackString = ""; -for my $pumpPair (@{$json->{evilInput}->{pumpPairs}}) { - $attackString .= $pumpPair->{prefix}; - $attackString .= ($pumpPair->{pump} x $json->{nPumps}); -} -$attackString .= $json->{evilInput}->{suffix}; +# If the detector recommended a cubic or higher (>= 2 pumpPairs), try all polynomial powers +# by working our way up the list of pumpPairs. +# See https://github.com/NicolaasWeideman/RegexStaticAnalysis/issues/11. +my @pumpPairs = @{$json->{evilInput}->{pumpPairs}}; +for my $nPumpPairs (1 .. scalar(@pumpPairs)) { + my $attackString = ""; + for my $pumpPair (@pumpPairs[0 .. $nPumpPairs-1]) { + $attackString .= $pumpPair->{prefix}; + $attackString .= ($pumpPair->{pump} x $json->{nPumps}); + } + $attackString .= $json->{evilInput}->{suffix}; -# Prep an input file. -my $input = { "pattern" => $json->{pattern}, - "input" => $attackString, - }; -my $tmpFile = "/tmp/validate-vuln-$$.json"; -&writeToFile("file"=>$tmpFile, "contents"=>encode_json($input)); + # Prep an input file. + my $input = { "pattern" => $json->{pattern}, + "input" => $attackString, + }; + my $tmpFile = "/tmp/validate-vuln-$$.json"; + &writeToFile("file"=>$tmpFile, "contents"=>encode_json($input)); -# Invoke the appropriate validator. -my $validator = $language2validator{$json->{language}}; + # Invoke the appropriate validator. + my $validator = $language2validator{$json->{language}}; -my ($rc, $out) = &cmd("timeout $json->{timeLimit}s $validator $tmpFile"); -unlink $tmpFile; -my $timedOut = ($rc eq 124) ? 1 : 0; + my ($rc, $out) = &cmd("timeout $json->{timeLimit}s $validator $tmpFile"); + unlink $tmpFile; + my $timedOut = ($rc eq 124) ? 
1 : 0; -my $result = $json; -$result->{timedOut} = $timedOut; + if ($timedOut) { + $result->{timedOut} = 1; + } +} print STDOUT encode_json($result) . "\n"; exit 0;
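Review bot: The temp file name `/tmp/validate-vuln-$$.json` is predictable from the PID, and inside the new loop it is written and unlinked once per pumpPairs prefix, so on a shared host another local user could pre-create or symlink that path before `writeToFile` runs (how `writeToFile` opens the file is outside this hunk, so the exact impact is unconfirmed). Replacing that line with `my ($fh, $tmpFile) = tempfile("validate-vuln-XXXXXX", SUFFIX => ".json", TMPDIR => 1, UNLINK => 1);` from the core File::Temp module would give an unpredictable, exclusively created file; it needs `use File::Temp qw(tempfile);` at the top of the script, which is not visible here. Separately, the loop keeps invoking the validator after a timeout has already been recorded, so a confirmed pattern still costs up to `timeLimit` seconds for every remaining prefix; adding `last;` after `$result->{timedOut} = 1;` would stop at the first confirmation. A comment noting that an empty `pumpPairs` list now skips validation entirely (the range `1 .. 0` is empty) would also help, since the old code still ran the validator on the suffix alone.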