README
b-c-ds authored and bcaller committed Nov 29, 2020
1 parent ac13ff0 commit 941bda8
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions README.md
Expand Up @@ -8,14 +8,13 @@ Something something regexes are bad.

## Starriness

This reflects the complexity of the regular expression matcher's backtracking procedure with respect to the length of the entered string.
Not sure what to call this. This reflects the complexity of the regular expression matcher's backtracking procedure with respect to the length of the entered string.

With a starriness of 3, we have approximately cubic complexity. This means that if the vulnerable part of the string is doubled in length, the execution time should be 8 times longer (2^3).

For explotability, a cubic complexity or higher (starriness >= 3) is required unless truly giant strings are allowed as input.

For exponential REDoS with starred stars e.g. `(a*)*$` a fudge factor is used and the starriness will be greater than 10.

For explotability, a cubic complexity or higher (starriness >= 3) is typically required unless truly giant strings are allowed as input.

## Example

Run `regexploit` and enter the regular expression `abc*[a-z]+c+$` at the command line.
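Review bot: The new line under `## Starriness` opens with "Not sure what to call this.", which reads as a draft note and leaves the metric without a definition. Drop that sentence or replace it with a one-line definition, for example that starriness approximates the polynomial degree of the backtracking cost in the input length, which is what the "approximately cubic" sentence below it already implies. The relocated sentence "For explotability, a cubic complexity or higher ..." also keeps the typo from the old line; it should read "exploitability".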
Expand All @@ -31,7 +30,7 @@ Final character to cause backtracking: [^[a-z]]
Example: 'ab' + 'c' * 3456 + '0'
```

The part `c*[a-z]+c+` contains three overlapping repeating groups. As showed in the line `Repeated character: [c]`, a long string of `c` will match this section in many different ways. The starriness is 3 as there are 3 infinitely repeating groups. An example to cause backtracking is given: it consists of the required prefix `ab`, a long string of `c` and then a killer `0` to cause backtracking. Not all REDoSes require a particular character at the end, but in this case, a long string of `c` will match the regex successfully and won't backtrack. The line `Final character to cause backtracking: [^[a-z]]` shows that a non-matching character out of the range `[a-z]` is required at the end to prevent matching and cause REDoS.
The part `c*[a-z]+c+` contains three overlapping repeating groups. As showed in the line `Repeated character: [c]`, a long string of `c` will match this section in many different ways. The starriness is 3 as there are 3 infinitely repeating groups. An example to cause REDoS is given: it consists of the required prefix `ab`, a long string of `c` and then a killer `0` to cause backtracking. Not all REDoSes require a particular character at the end, but in this case, a long string of `c` will match the regex successfully and won't backtrack. The line `Final character to cause backtracking: [^[a-z]]` shows that a non-matching character not in the range `[a-z]` is required at the end to prevent matching and cause REDoS.

As another example, install a module version vulnerable to REDoS such as `pip install ua-parser==0.9.0`.
To scan the installed python modules run `regexploit-python`.
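Review bot: In the reworded paragraph after the example output, "As showed in the line" is carried over unchanged and should be "As shown in the line". The paragraph also explains the prefix `ab`, the run of `c` and the trailing `0`, but not why the example uses a length of 3456; one sentence on how that length is chosen would let readers relate the example to the "truly giant strings" remark in the Starriness section.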