From 9e0db63b5bfe3aa7dad45f8e937e26dce3ed6006 Mon Sep 17 00:00:00 2001
From: James Lu
Date: Thu, 17 Oct 2019 22:13:51 -0700
Subject: [PATCH] SedRegex: add test for ReDoS timeout
From: https://github.com/jlu5/SupyPlugins/commit/81debc45ecd103f4773e7380ef1be505d86a2909
---
 plugins/SedRegex/test.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/plugins/SedRegex/test.py b/plugins/SedRegex/test.py
index c277eb717..9300ebb16 100644
--- a/plugins/SedRegex/test.py
+++ b/plugins/SedRegex/test.py
@@ -173,6 +173,14 @@ class SedRegexTestCase(ChannelPluginTestCase):
 m = self.getMsg(' ')
 self.assertIn('Segmentation fault (core dumped)', str(m))
+ def testReDoSTimeout(self):
+ # From https://snyk.io/blog/redos-and-catastrophic-backtracking/
+ for idx in range(500):
+ self.feedMsg("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")
+ self.feedMsg(r"s/A(B|C+)+D/this should abort/")
+ m = self.getMsg(' ', timeout=1)
+ self.assertIn('timed out', str(m))
+ # TODO: test ignores
 # vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79:
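Review bot: The loop in `testReDoSTimeout` feeds the same line 500 times without saying why, and `idx` is never used. If the intent is to fill the channel history, a comment such as `# Fill the history so the sed has many lines to scan before the plugin's regex timeout fires` plus `for _ in range(500):` would make the setup readable. The `timeout=1` passed to `getMsg` looks like the test's wait for a reply rather than the plugin's own regex limit, which is not visible in this hunk. If that limit is close to one second, the `'timed out'` assertion may be flaky, so the relationship deserves a comment or a value derived from the plugin's setting. If the timeout guard ever regresses, `A(B|C+)+D` would presumably backtrack for a very long time and stall the suite rather than fail quickly; the class body starts outside the hunk.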