Heuristic python ast remove cronlike strings

fl0-O · Dec 28, 2020 · e28a595 · e28a595
1 parent c069021
commit e28a595
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/regexploit/python_node_visitor.py b/regexploit/python_node_visitor.py
@@ -39,6 +39,8 @@ def maybe_pattern(self, lineno: int, pattern: str):
         if pattern.count("*") + pattern.count("+") >= 2:
             # Could have REDoS
             # Now check if it still looks like a docstring
+            if " * * *" in pattern:
+                return  # Looks like cron (of course could just be really silly regex)
             if pattern.count("\n") < 5 or "?" in pattern or "\\" in pattern:
                 self.patterns.append(PythonParsedRegex(lineno, pattern, 0, False))