Bugzilla – Bug 1219313
regexploit has runtime dependency on python2 (/usr/bin/python)
Last modified: 2024-02-08 16:26:47 UTC
> zypper info --requires regexploit
Loading repository data...
Reading installed packages...

Information for package regexploit:
-----------------------------------
Repository     : Main Repository (OSS)
Name           : regexploit
Version        : 1.0.0-1.13
Arch           : noarch
Vendor         : openSUSE
Installed Size : 376.5 KiB
Installed      : No
Status         : not installed
Source package : regexploit-1.0.0-1.13.src
Upstream URL   : https://github.com/doyensec/regexploit
Summary        : Find regular expressions vulnerable to ReDoS
Description    :
    Many default regular expression parsers have unbounded worst-case complexity.
    Regex matching may be quick when presented with a matching input string.
    However, certain non-matching input strings can make the regular expression
    matcher go into crazy backtracking loops and take ages to process.
    This can cause denial of service, as the CPU will be stuck trying to match the regex.

    This tool is designed to:
    * find regular expressions which are vulnerable to ReDoS
    * give an example malicious string which will cause catastrophic backtracking

    Supports:
    - C#
    - JavaScript/TypeScript (requires node to be installed)
    - JSON
    - Python
    - YAML
Requires       : [5]
    /usr/bin/python3
    /usr/bin/python
    /usr/bin/node
    python(abi) = 3.11
    python3-base >= 3.8

the dependency on /usr/bin/python should be eliminated (port all scripts to python3)
Most scripts have a fixed shebang - except this one:
/usr/lib/python3.11/site-packages/regexploit/bin/regexploit-python-env:#!/usr/bin/python
https://build.opensuse.org/request/show/1143291
(In reply to Sebastian Wagner from comment #2)
> https://build.opensuse.org/request/show/1143291

accepted => fixed
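A check for the condition this report tracked down, as an added example that is not part of the bug report or of the regexploit package: it walks an installed tree and lists every file whose shebang names bare `python` or `python2`, including `env`-style shebangs. The function names and the demo files other than `regexploit-python-env` are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Interpreter names that do not pin Python 3: bare "python" or any "python2*".
UNPINNED = re.compile(r"^python(2(\.\d+)?)?$")

def shebang_interpreter(path):
    """Return the interpreter basename named on a file's shebang line, or None."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline(256)
    except OSError:
        return None
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("utf-8", "replace").split()
    # "#!/usr/bin/env [-S] python" names the interpreter in a later argument.
    if parts and os.path.basename(parts[0]) == "env":
        parts = [p for p in parts[1:] if not p.startswith("-") and "=" not in p]
    return os.path.basename(parts[0]) if parts else None

def find_unpinned_python(root):
    """List (relative path, interpreter) for files whose shebang is python/python2."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            interp = shebang_interpreter(full)
            if interp and UNPINNED.match(interp):
                hits.append((os.path.relpath(full, root), interp))
    return sorted(hits)

def demo():
    """Build a constructed tree mirroring the layout in the report and scan it."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root, "regexploit", "bin")
        bindir.mkdir(parents=True)
        (bindir / "regexploit-python-env").write_text("#!/usr/bin/python\nprint('x')\n")
        (bindir / "fixed-script").write_text("#!/usr/bin/python3\n")    # constructed
        (bindir / "env-script").write_text("#!/usr/bin/env python2\n")  # constructed
        (bindir / "module.py").write_text("import re\n")                # no shebang
        return find_unpinned_python(root)

if __name__ == "__main__":
    for path, interp in demo():
        print(f"{path}: {interp}")
```

Calling `find_unpinned_python()` on a package's build root or site-packages directory gives the list of files that still need their shebang changed.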