ZENODO
Software . 2018
License: CC BY
Data sources: Datacite
Data sources: ZENODO

Artifact (software + dataset) for "The Impact of Regular Expression Denial of Service (ReDoS) in Practice: an Empirical Study at the Ecosystem Scale"

Authors: Davis, James C.; Coghlan, Christy A.; Servant, Francisco; Lee, Dongyoon;


Abstract

# Ecosystem-scale regexp study

Welcome to the FSE'18 artifact for the ESEC/FSE paper *"The Impact of Regular Expression Denial of Service (ReDoS) in Practice: an Empirical Study at the Ecosystem Scale"*, by J.C. Davis, C.A. Coghlan, F. Servant, and D. Lee, all of Virginia Tech.

This paper describes a study in which we:

- extracted regular expressions (regexes, regexps) from npm and pypi modules
- analyzed the regexes along several dimensions

Our artifact consists of:

- Code to analyze a regex for super-linear performance (Table 1), degree of vulnerability (Table 2), semantic meaning (Table 3), and use of anti-patterns (Table 4).
- Unique regexes collected from npm and pypi modules. We are releasing these regexes raw (without analysis or source module(s)) due to security concerns.

In addition, we wrote code to statically extract regexes from npm and pypi modules. We released this code as part of our `vuln-regex-detector` software, available [here](https://github.com/davisjam/vuln-regex-detector). Regex extraction was uninteresting from a scientific perspective so we do not elaborate on it in this artifact.

In addition to this directory's `README.md`, each sub-tree comes with one or more READMEs describing the software and tests.

## Installation

### By hand

To install, execute the script `./configure` on an Ubuntu 16.04 machine with root privileges. This will obtain and install the various dependencies (OS packages, REDOS detectors, npm modules, and pypi modules). It will also initialize submodules.

The final line of this script is `echo "Configuration complete. I hope everything works!"`. If you see this printed to the console, great! Otherwise...alas.

### Container

To facilitate replication, we have published a [containerized version](https://hub.docker.com/r/jamiedavis/daviscoghlanservantlee-fse18-regexartifact/) of this project on hub.docker.com. The container is based on an Ubuntu 16.04 image so it is fairly large.

For example, you might run:

```
docker pull jamiedavis/daviscoghlanservantlee-fse18-regexartifact
docker run -ti jamiedavis/daviscoghlanservantlee-fse18-regexartifact
> vim .env # Set ECOSYSTEM_REGEXP_PROJECT_ROOT=/davis-fse18-artifact/EcosystemREDOS-FSE18
> . .env
> ./full-analysis/analyze-regexp.pl ./full-analysis/test/vuln-email.json
```

Keywords

Catastrophic backtracking, JavaScript, Super-linear, Regular expressions, Ecosystem, Python
