https://bugzilla.suse.com/show_bug.cgi?id=1219313 Bug ID: 1219313 Summary: regexploit has runtime dependency on python2 (/urs/bin/python) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: dimstar@opensuse.org QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: ---

zypper info --requires regexploit Loading repository data... Reading installed packages...

Information for package regexploit: ----------------------------------- Repository : Main Repository (OSS) Name : regexploit Version : 1.0.0-1.13 Arch : noarch Vendor : openSUSE Installed Size : 376.5 KiB Installed : No Status : not installed Source package : regexploit-1.0.0-1.13.src Upstream URL : https://github.com/doyensec/regexploit Summary : Find regular expressions vulnerable to ReDoS Description : Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input strings can make the regular expression matcher go into crazy backtracking loops and take ages to process. This can cause denial of service, as the CPU will be stuck trying to match the regex. This tool is designed to: * find regular expressions which are vulnerable to ReDoS * give an example malicious string which will cause catastrophic backtracking Supports: - C# - JavaScript/TypeScript (requires node to be installed) - JSON - Python - YAML Requires : [5] /usr/bin/python3 /usr/bin/python /usr/bin/node python(abi) = 3.11 python3-base >= 3.8 the dependency on /usr/bin/python should be eliminated (port all scripts to python3) -- You are receiving this mail because: You are on the CC list for the bug.