v0.1.2 - False Positive Fix


@dvershinin dvershinin released this 09 Jan 11:38

Bug Fixes

  • Fixed false positives: simple patterns like ^a+ were incorrectly flagged as vulnerable
    • Fixed epsilon elimination in OrderedNFA to properly track intermediate states
  • Improved detection: the hybrid checker now runs both the automaton and fuzz checkers
    • Takes the more severe result, ensuring nested quantifier patterns like (a+)+ are caught
    • The automaton checker has limitations with certain patterns due to epsilon elimination

Test Results

All 532 tests pass.

Examples

# Now correctly identified as SAFE
redoctor '^a+'
# SAFE: ^a+

# Correctly identified as VULNERABLE
redoctor '^(a+)+$'
# VULNERABLE: ^(a+)+$
#   Complexity: O(2^n)
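As an added illustration of the hybrid rule in the Bug Fixes list and of the two patterns in the examples above, here is a simplified fuzz-style timing checker merged with a static verdict by taking the more severe of the two. This is not redoctor's own code: its automaton analysis is not reproduced, so the static verdict is a caller-supplied input, and the severity order, probe shape and growth threshold are assumptions.

```python
import re
import time

# Severity order used when merging two verdicts (assumed, not redoctor's own).
SEVERITY = {"safe": 0, "vulnerable": 1}


def build_probe(n: int) -> str:
    """Constructed probe: a run of 'a' followed by a character that makes the
    overall match fail, so a backtracking engine must try every way of
    splitting the run between nested quantifiers before giving up."""
    return "a" * n + "b"


def time_search(pattern: re.Pattern, text: str, repeats: int = 5) -> float:
    """Best-of-N wall-clock time for one search; the minimum is the most
    stable measurement on a noisy machine."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.search(text)
        best = min(best, time.perf_counter() - start)
    return best


def fuzz_check(regex: str, small: int = 10, large: int = 18,
               threshold: float = 20.0) -> str:
    """Dynamic (fuzz-style) check: compare match time on a short and a long
    probe. A linear pattern grows by about large/small (~2x here); a pattern
    with catastrophic backtracking grows by about 2**(large-small) (~256x)."""
    pattern = re.compile(regex)
    t_small = time_search(pattern, build_probe(small))
    t_large = time_search(pattern, build_probe(large))
    growth = t_large / max(t_small, 1e-9)
    return "vulnerable" if growth > threshold else "safe"


def hybrid_check(regex: str, automaton_verdict: str) -> str:
    """Mirror the release's merge rule: run the dynamic check alongside the
    static (automaton) verdict, supplied by the caller here, and keep the
    more severe of the two."""
    fuzz_verdict = fuzz_check(regex)
    return max(automaton_verdict, fuzz_verdict, key=SEVERITY.__getitem__)


if __name__ == "__main__":
    # The automaton side is assumed to have missed ^(a+)+$, as the release
    # describes; the fuzz side still forces the more severe verdict.
    print(hybrid_check(r"^a+", "safe"))       # safe
    print(hybrid_check(r"^(a+)+$", "safe"))   # vulnerable
```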