GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 0xSobky → Regaxor

0xSobky / Regaxor

Licence: MPL-2.0 license
A regular expression fuzzer.

Programming Languages

javascript
184084 projects - #8 most used programming language
CSS
56736 projects
HTML
75241 projects

Labels

toolsregexregexpregular-expressionfuzzing

Projects that are alternatives of or similar to Regaxor

Picomatch
Blazing fast and accurate glob matcher written JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.
Stars: ✭ 393 (+1022.86%)
Mutual labels:  regex, regexp, regular-expression
Grex
A command-line tool and library for generating regular expressions from user-provided test cases
Stars: ✭ 4,847 (+13748.57%)
Mutual labels:  regex, regexp, regular-expression
Regulex
🚧 Regular Expression Excited!
Stars: ✭ 4,877 (+13834.29%)
Mutual labels:  regex, regexp, regular-expression
Regex Dos
👮 👊 RegEx Denial of Service (ReDos) Scanner
Stars: ✭ 143 (+308.57%)
Mutual labels:  regex, regexp, regular-expression
moar
Deterministic Regular Expressions with Backreferences
Stars: ✭ 19 (-45.71%)
Mutual labels:  regex, regexp, regular-expression
Rex
Your RegEx companion.
Stars: ✭ 283 (+708.57%)
Mutual labels:  regex, regexp, regular-expression
Commonregex
🍫 A collection of common regular expressions for Go
Stars: ✭ 733 (+1994.29%)
Mutual labels:  regex, regexp, regular-expression
regexp-expand
Show the ELisp regular expression at point in rx form.
Stars: ✭ 18 (-48.57%)
Mutual labels:  regex, regexp, regular-expression
Hyperscan Java
Match tens of thousands of regular expressions within milliseconds - Java bindings for Intel's hyperscan 5
Stars: ✭ 66 (+88.57%)
Mutual labels:  regex, regexp, regular-expression
Emoji Regex
A regular expression to match all Emoji-only symbols as per the Unicode Standard.
Stars: ✭ 1,134 (+3140%)
Mutual labels:  regex, regexp, regular-expression
RgxGen
Regex: generate matching and non matching strings based on regex pattern.
Stars: ✭ 45 (+28.57%)
Mutual labels:  regex, regexp, regular-expression
Regexpu
A source code transpiler that enables the use of ES2015 Unicode regular expressions in ES5.
Stars: ✭ 201 (+474.29%)
Mutual labels:  regex, regexp, regular-expression
globrex
Glob to regular expression with support for extended globs.
Stars: ✭ 52 (+48.57%)
Mutual labels:  regex, regexp, regular-expression
Regexp2
A full-featured regex engine in pure Go based on the .NET engine
Stars: ✭ 389 (+1011.43%)
Mutual labels:  regex, regexp, regular-expression
expand-brackets
Expand POSIX bracket expressions (character classes) in glob patterns.
Stars: ✭ 26 (-25.71%)
Mutual labels:  regex, regexp, regular-expression
Onigmo
Onigmo is a regular expressions library forked from Oniguruma.
Stars: ✭ 536 (+1431.43%)
Mutual labels:  regex, regexp, regular-expression
cregex
A small implementation of regular expression matching engine in C
Stars: ✭ 72 (+105.71%)
Mutual labels:  regex, regexp, regular-expression
Regexr
For composing regular expressions without the need for double-escaping inside strings.
Stars: ✭ 53 (+51.43%)
Mutual labels:  regex, regexp, regular-expression
Orchestra
One language to be RegExp's Successor. Visually readable and rich, technically safe and extended, naturally scalable, advanced, and optimized
Stars: ✭ 103 (+194.29%)
Mutual labels:  regex, regexp, regular-expression
Regex For Regular Folk
🔍💪 Regular Expressions for Regular Folk — A visual, example-based introduction to RegEx [BETA]
Stars: ✭ 242 (+591.43%)
Mutual labels:  regex, regexp, regular-expression
View All Similar Projects ➔

Regaxor

Regaxor (RegExp Haxxor) is a regular expression fuzzer, written in ECMAScript 6.

Why do we need it?

Whatever you're coding, regular expressions come in handy in various situations and are often very useful but can also be very tricky to get right. Writing a regex that matches what you expect is easy; writing a regex that only matches what you expect is virtually impossible (except in trivial cases). That's where this tool comes into play—by fuzzing regular expressions, we can easily detect any issues/gotchas before learning about them the hard way.

Regex gotchas?!

The following are just some examples of common regex gotchas (NVM the funny titles):

  1. In the beginning was the Word
let badRegex = /https?:\/\/example\.com\/[\w]*/;
let str = 'Word\nhttps://example.com/';
str.match(badRegex);
// Output: ["https://example.com/", index: 5, input: "Word↵https://example.com/", groups: undefined]

let goodRegex = /^https?:\/\/example\.com\/[\w]*/;
str.match(goodRegex);
// Output: null

'https://example.com/'.match(goodRegex);
// Output: ["https://example.com/", index: 0, input: "https://example.com/", groups: undefined]
  1. Catch 22
let badRegex = /[123]|22/g;
badRegex.exec('22');
// Output: ["2", index: 0, input: "22", groups: undefined]

let goodRegex = /22|[123]/g;
goodRegex.exec('22');
// Output: ["22", index: 0, input: "22", groups: undefined]
  1. One sneaky dot
let str = 'https://exampleXcom';
let badRegex = /^\w+:\/\/example.com$/;
badRegex.exec(str);
// Output: ["https://exampleXcom", index: 0, input: "https://exampleXcom", groups: undefined]

let goodRegex = /^\w+:\/\/example\.com$/;
goodRegex.exec(str);
// Output: null

goodRegex.exec('https://example.com');
// Output: ["https://example.com", index: 0, input: "https://example.com", groups: undefined]
  1. All or nothing
let badRegex = /^\.*|\d+$/g;
'abc'.match(badRegex);
// Output: [""]

let goodRegex = /^[\d.]+$/g;
'abc'.match(goodRegex);
// Output: null

'12.3'.match(goodRegex);
// Output: ["12.3"]
  1. The word boundary trap
let badRegex = /word/;
badRegex.exec('aworda');
// Output: ["word", index: 1, input: "aworda", groups: undefined]

let goodRegex = /\bword\b/;
goodRegex.exec('aworda');
// Output: null

goodRegex.exec('a word');
// Output: ["word", index: 2, input: "a word", groups: undefined]
  1. Multiline confusion
let badRegex = /a.*b/;
badRegex.exec('a\nb');
// Output: null

let alsoBadRegex = /a.*b/m;
alsoBadRegex.exec('a\nb');
// Output: null

let goodRegex = /a[^]*b/;
goodRegex.exec('a\nb');
// Output: ["a↵b", index: 0, input: "a↵b", groups: undefined]
  1. One escape is not enough
let badRegex = 'x\.com';
new RegExp(badRegex).exec('xycom');
// Output: ["xycom", index: 0, input: "xycom", groups: undefined]

let goodRegex = 'x\\.com';
new RegExp(goodRegex).exec('xycom');
// Output: null

new RegExp(goodRegex).exec('x.com');
// Output: ["x.com", index: 0, input: "x.com", groups: undefined]
  1. Escaping the escaping
let str = 'double\\"quotes"';

// Bad.
str.replace(/"/g, '\\"');
// Output: "double\\"quotes\""

// Not bad but not recommended.
str.replace(/(\\|")/g, '\\$1');
// Output: "double\\\"quotes\""

// Better.
str.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
// Output: "double\\\"quotes\""
  1. Too greedy
let badRegex = /<.+><\/.+>/g;
let tags = '<tag attribute="foo"></tag><tag id="foo"></tag>';
badRegex.exec(tags);
// Output: ["<tag attribute="foo"></tag><tag id="foo"></tag>", index: 0, input: "<tag attribute="foo"></tag><tag id="foo"></tag>", groups: undefined]

let notBadRegex = /<.+?><\/.+?>/g;
notBadRegex.exec(tags);
// Output: ["<tag attribute="foo"></tag>", index: 0, input: "<tag attribute="foo"></tag><tag id="foo"></tag>", groups: undefined]

notBadRegex.exec(tags);
// Output: ["<tag id="foo"></tag>", index: 27, input: "<tag attribute="foo"></tag><tag id="foo"></tag>", groups: undefined]
  1. The misplaced hyphen
let badRegex = /[\w -$]+/;
'#'.match(badRegex);
// Output: ["#", index: 0, input: "#", groups: undefined]

let goodRegex = /[\w $-]+/;
'#'.match(goodRegex);
// Output: null

'$100 USD'.match(goodRegex);
// Output: ["$100 USD", index: 0, input: "$100 USD", groups: undefined]

At times, writing a regex can feel like walking in a minefield. At other times, regular expressions are the wrong answer—or as Jamie Zawinski puts it Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.. So, especially in security-sensitive contexts, you're probably better off not using regular expressions unless you really have to....

Screenshot(s)

screenshot.png

Credits

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].