File regexploit.spec of Package regexploit
#
# spec file for package regexploit
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name: regexploit
Version: 1.0.0
Release: 0
Summary: Find regular expressions vulnerable to ReDoS
License: Apache-2.0
URL: https://github.com/doyensec/regexploit
Source: https://files.pythonhosted.org/packages/source/r/regexploit/regexploit-%{version}.tar.gz
BuildRequires: fdupes
BuildRequires: python-rpm-macros
BuildRequires: python3-setuptools
Requires: python3-base >= 3.8
Suggests: node > 12
BuildArch: noarch

%description
Many default regular expression parsers have unbounded worst-case complexity.
Regex matching may be quick when presented with a matching input string.
However, certain non-matching input strings can make the regular expression
matcher go into crazy backtracking loops and take ages to process. This can
cause denial of service, as the CPU will be stuck trying to match the regex.

This tool is designed to:
* find regular expressions which are vulnerable to ReDoS
* give an example malicious string which will cause catastrophic backtracking

Supports:
- C#
- JavaScript/TypeScript (requires node to be installed)
- JSON
- Python
- YAML

%prep
%setup -q -n regexploit-%{version}
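# remove env-based shebangs: delete them where they are not needed,
# and rewrite the remaining ones to call the interpreter directly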
sed -i '1{/\/usr\/bin\/env python/d;}' regexploit/bin/*.*
sed -i '1s/env //' regexploit/bin/javascript/index.js
sed -i '1s/env python/python3/' regexploit/bin/regexploit-python-env

%build
%python3_build

%install
%python3_install
%fdupes %{buildroot}%{python3_sitelib}

%files
%{python3_sitelib}/*
%{_bindir}/regexploit*
%license LICENSE
%doc README.md

%changelog