Fix #15, crash in ReDoS detection when malformed regular expression

dlint-py · Jan 21, 2020 · 4f5a9b6 · 4f5a9b6
1 parent 06c3a1c
commit 4f5a9b6
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Crash in `DUO138` when malformed regular expression ([#15](https://github.com/dlint-py/dlint/issues/15))
 
 ## [0.10.0] - 2020-01-21
 ### Added

diff --git a/dlint/redos/detect.py b/dlint/redos/detect.py
@@ -276,7 +276,11 @@ def mutually_inclusive_alternation(node):
 
 
 def catastrophic(pattern):
-    subpattern = sre_parse.parse(pattern)
+    try:
+        subpattern = sre_parse.parse(pattern)
+    except sre_constants.error:
+        return False
+
     root = OpNode(None, ())
 
     build_op_tree(root, subpattern)
@@ -290,12 +294,20 @@ def catastrophic(pattern):
 
 
 def dump(pattern):
-    subpattern = sre_parse.parse(pattern)
-    subpattern.dump()
+    try:
+        subpattern = sre_parse.parse(pattern)
+    except sre_constants.error as e:
+        print("Malformed expression: {}".format(str(e)))
+    else:
+        subpattern.dump()
 
 
 def dump_tree(pattern):
-    subpattern = sre_parse.parse(pattern)
-    root = OpNode(None, ())
-    build_op_tree(root, subpattern)
-    print(root)
+    try:
+        subpattern = sre_parse.parse(pattern)
+    except sre_constants.error as e:
+        print("Malformed expression: {}".format(str(e)))
+    else:
+        root = OpNode(None, ())
+        build_op_tree(root, subpattern)
+        print(root)
diff --git a/tests/test_bad_re_catastrophic_use.py b/tests/test_bad_re_catastrophic_use.py
@@ -733,6 +733,23 @@ def test_bad_re_catastrophic_missing_argument(self):
 
         assert result == expected
 
+    def test_bad_re_catastrophic_malformed_expression(self):
+        python_node = self.get_ast_node(
+            """
+            import re
+
+            re.search('(foo')
+            """
+        )
+
+        linter = dlint.linters.BadReCatastrophicUseLinter()
+        linter.visit(python_node)
+
+        result = linter.get_results()
+        expected = []
+
+        assert result == expected
+
 
 if __name__ == "__main__":
     unittest.main()