| Title |
Test
Find
URL validation .NET URLvalidation
|
| Expression |
^(ht|f)tp(s?)\:\/\/(([a-zA-Z0-9\-\._]+(\.[a-zA-Z0-9\-\._]+)+)|localhost)(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?([\d\w\.\/\%\+\-\=\&\?\:\\\"\'\,\|\~\;]*)$ |
| Description |
Validates URL to see if the input pattern is a valid URL (ftp, http, https, etc); can be easily modified to support others such as file:/// | Pattern has been tested using .NET runtime engine | localhost literal support for windows IIS server and visal studio (2005 or later) built-in asp.net web-server |
| Matches |
http://regexlib.com | http://www.google.com | ftp://teach.me.regex/checkpattern/o | http://www.google.com/search?hl=en&source=hp&q=asp.net | https://secure.mailserver.com | http://localhost/mypage.html | http://localhost:89783/mypage.aspx | http://go.com | http://forum.whoisyourdaddy.org/index.html?RegID=7449046&Daddy=dontknow&son=me |
| Non-Matches |
http:// | http://whoisyourdaddy | httpOrhttpsOrftp.com |
| Author |
Rating:
Eric Wai Chan
|
| Source |
|
| Your Rating |
|
Title: Do not use -- vulnerable to REDOS
Name: James C. Davis
Date: 3/17/2018 2:25:24 AM
Comment:
This regex is vulnerable to REDOS.
"stringLenFor10Sec" : 766,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : ".a",
"prefix" : "https://a"
},
{
"pump" : "a",
"prefix" : "a"
},
{
"prefix" : "a",
"pump" : "a"
}
],
"suffix" : "s:$"
},
"stringLenFor10Sec" : 766,
"attackFormat" : {
"pumpPairs" : [
{
"pump" : ".a",
"prefix" : "https://a"
},
{
"pump" : "a",
"prefix" : "a"
},
{
"prefix" : "a",
"pump" : "a"
}
],
"suffix" : "s:$"
},
"nPumpsFor10Sec" : "188",
"nPumpsFor10Sec" : "188",
