Metavariable analysis
Metavariable analysis was created to support some metavariable inspection techniques that are difficult to express with existing rules but have "simple" binary classifier behavior. Currently, this syntax supports two analyzers: redos and entropy
ReDoS
metavariable-analysis:
analyzer: redos
metavariable: $VARIABLE
RegEx denial of service is caused by poorly constructed regular expressions that exhibit exponential runtime when fed specifically crafted inputs. The redos analyzer uses known RegEx antipatterns to determine if the target expression is potentially vulnerable to catastrophic backtracking.
Entropy
metavariable-analysis:
analyzer: entropy
metavariable: $VARIABLE
Entropy is a common approach for detecting secret strings - many existing tools leverage a combination of entropy calculations and RegEx for secret detection. This analyzer returns true if a metavariable has high entropy (randomness) relative to the English language.
Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.