More regex vulnerabilities #633
Description
Vulnerability 1:
{
"pattern" : "(ip[honead]+)(?:.*os\\s([\\w]+)*\\slike\\smac|;\\sopera)",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 41,
"attackFormat" : {
"suffix" : "mao\tlike",
"pumpPairs" : [
{
"pump" : "aa",
"prefix" : "ipaos\ta"
}
]
},
"blowupCurve" : {
"type" : "EXP",
"parms" : [
1.68252152799622e-05,
1.02277083501163
],
"r2" : 0.999112531966309
},
"nPumpsFor10Sec" : "13"
}
Vulnerability 2:
{
"pattern" : "mozilla.+\\(mobile;.+gecko.+firefox",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 14501,
"attackFormat" : {
"suffix" : "e(",
"pumpPairs" : [
{
"pump" : "(mobile;a",
"prefix" : "mozillaa"
},
{
"pump" : "geckoa",
"prefix" : "a"
}
]
},
"nPumpsFor10Sec" : "966",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
6.58962531661688e-08,
2.74365114787988
],
"r2" : 0.99755470117338
}
}
Vulnerability 3:
{
"pattern" : "(mozilla)\\/([\\w\\.]+).+rv\\:.+gecko\\/\\d+",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 5327,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "mozilla/a"
},
{
"pump" : "rv:a",
"prefix" : "a"
}
],
"suffix" : "l."
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.27067150194932e-07,
2.61514694922589
],
"r2" : 0.995405928298896
},
"nPumpsFor10Sec" : "1063"
}
Vulnerability 4:
{
"pattern" : "android.+(hm[\\s\\-_]*note?[\\s_]*(?:\\d\\w)?)\\s+build",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 64340,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "\t",
"prefix" : "androidahm\tnote\t"
}
],
"suffix" : "b\t"
},
"nPumpsFor10Sec" : "64322",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.42254726119814e-08,
1.8422559977878
],
"r2" : 0.996761065166856
}
}
Vulnerability 5:
{
"pattern" : "^[A-Za-z](?:[A-Za-z0-9._-]|-)*$",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 32,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "-",
"prefix" : "A"
}
],
"suffix" : "!"
},
"blowupCurve" : {
"type" : "EXP",
"parms" : [
0.000230682530164219,
0.356215203799924
],
"r2" : 0.991807543245278
},
"nPumpsFor10Sec" : "30"
}
Vulnerability 6:
{
"pattern" : "^@\\s*([^:]+)\\s*:\\s*([^\\s]+)\\s*$",
"filesIn" : [
[
"src/deep-framework/browser/framework.js",
"src/deep-kernel/lib/ContainerAware.js"
]
],
"stringLenFor10Sec" : 87870,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "@\t"
},
{
"pump" : "\t",
"prefix" : "a"
}
],
"suffix" : "\t:a\t:"
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
2.24677968476133e-08,
1.86259910857765
],
"r2" : 0.996784917991378
},
"nPumpsFor10Sec" : "43931"
}
Vulnerability 7:
{
"pattern" : "^(\\/?|)([\\s\\S]*?)((?:\\.{1,2}|[^\\/]+?|)(\\.[^.\\/]*|))(?:[\\/]*)$",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 43935,
"attackFormat" : {
"suffix" : "/.",
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "/a"
}
]
},
"nPumpsFor10Sec" : "43931",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
5.64878779220729e-08,
1.7829628306126
],
"r2" : 0.99471235433996
}
}
Vulnerability 8:
{
"pattern" : "^\\s*(.+?)\\s*=\\s*(.+?)\\s*$",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 283027,
"attackFormat" : {
"suffix" : "a",
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "\t"
},
{
"pump" : "\t",
"prefix" : "a"
},
{
"pump" : "a",
"prefix" : "\t=\t"
},
{
"pump" : "\t",
"prefix" : "a"
}
]
},
"nPumpsFor10Sec" : "70755",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
2.09375729529965e-08,
1.79391473054338
],
"r2" : 0.995769564360116
}
}
Vulnerability 9:
{
"pattern" : "(trident).+rv[:\\s]([\\w\\.]+).+like\\sgecko",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 70771,
"attackFormat" : {
"suffix" : "eca$",
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "tridentarv\ta"
}
]
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
2.55157424049271e-08,
1.77828402839188
],
"r2" : 0.994352138766184
},
"nPumpsFor10Sec" : "70755"
}
Vulnerability 10:
{
"pattern" : "(kf[A-z]+)\\sbuild\\/[\\w\\.]+.*silk\\/",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 70769,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "kfa\tbuild/a"
}
],
"suffix" : "u[s"
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.1536974868772e-08,
1.8462246890808
],
"r2" : 0.996401068706911
},
"nPumpsFor10Sec" : "70755"
}
Vulnerability 11:
{
"pattern" : "android.+(mi[\\s\\-_]*(?:one|one[\\s_]plus)?[\\s_]*(?:\\d\\w)?)\\s+build",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 2353,
"attackFormat" : {
"suffix" : "u",
"pumpPairs" : [
{
"pump" : "\t",
"prefix" : "androidami\t"
},
{
"pump" : "\t",
"prefix" : "\t"
}
]
},
"nPumpsFor10Sec" : "1170",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.44373344247649e-07,
2.56482058190623
],
"r2" : 0.992904825966048
}
}
Vulnerability 12:
{
"pattern" : "version\\/([\\w\\.]+).+?(mobile\\s?safari|safari)",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 85628,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "version/a"
}
],
"suffix" : "e\tms"
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
3.12095204481713e-09,
1.93112352101979
],
"r2" : 0.996034182634448
},
"nPumpsFor10Sec" : "85615"
}
Vulnerability 13:
{
"pattern" : "^<(?:(?:(?:\\.\\.\\/)*|\\/?)(?:[\\w-]+(?:\\/[\\w-]+)+)?[\\w-]+\\.h|[a-z]\\w*)>",
"filesIn" : [
[
"docs-api/deep-di/script/prettify/prettify.js",
"docs-api/deep-core/script/prettify/prettify.js",
"docs-api/deep-db/script/prettify/prettify.js",
"docs-api/deep-validation/script/prettify/prettify.js",
"docs-api/deep-notification/script/prettify/prettify.js",
"docs-api/deep-fs/script/prettify/prettify.js",
"docs-api/deep-event/script/prettify/prettify.js",
"docs-api/deep-security/script/prettify/prettify.js",
"docs-api/deep-cache/script/prettify/prettify.js",
"docs-api/deep-search/script/prettify/prettify.js",
"docs-api/deep-kernel/script/prettify/prettify.js",
"docs-api/deep-resource/script/prettify/prettify.js",
"docs-api/deep-log/script/prettify/prettify.js",
"docs-api/deep-asset/script/prettify/prettify.js"
]
],
"stringLenFor10Sec" : 70765,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "<../a/a"
}
],
"suffix" : "A/a"
},
"nPumpsFor10Sec" : "70755",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.37161477989705e-08,
1.83115156063407
],
"r2" : 0.996410817892168
}
}
Vulnerability 14:
{
"pattern" : "(opera\\s[mobiletab]+).+version\\/([\\w\\.-]+)",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 70763,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "opera\ta"
}
],
"suffix" : "\t"
},
"nPumpsFor10Sec" : "70755",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
1.09443542461353e-08,
1.85015784256676
],
"r2" : 0.996265430202465
}
}
Vulnerability 15:
{
"pattern" : "rv\\:([\\w\\.]+).*(gecko)",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 70764,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : "a",
"prefix" : "rv:a"
}
],
"suffix" : "e$gec"
},
"blowupCurve" : {
"type" : "POWER",
"parms" : [
2.23205788055452e-08,
1.79017060487476
],
"r2" : 0.994750122414602
},
"nPumpsFor10Sec" : "70755"
}
Vuln 16:
{
"pattern" : "^\\s*at (?:((?:\\[object object\\])?.+) )?\\(?((?:file|ms-appx|https?|webpack|blob):.*?):(\\d+)(?::(\\d+))?\\)?\\s*$",
"filesIn" : [
[
"src/deep-framework/browser/framework.js"
]
],
"stringLenFor10Sec" : 148797,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : " blob:",
"prefix" : "\tat [object object]a"
}
],
"suffix" : "o"
},
"nPumpsFor10Sec" : "24796",
"blowupCurve" : {
"type" : "POWER",
"parms" : [
5.56713861838268e-08,
1.8807830913603
],
"r2" : 0.997684933689693
}
}