
    Metavariable analysis

    Metavariable analysis was created to support some metavariable inspection techniques that are difficult to express with existing rules but have "simple" binary classifier behavior. Currently, this syntax supports two analyzers: redos and entropy.

    ReDoS

    metavariable-analysis:
      analyzer: redos
      metavariable: $VARIABLE

    RegEx denial of service is caused by poorly constructed regular expressions that exhibit exponential runtime when fed specifically crafted inputs. The redos analyzer uses known RegEx antipatterns to determine if the target expression is potentially vulnerable to catastrophic backtracking.

    Entropy

    metavariable-analysis:
      analyzer: entropy
      metavariable: $VARIABLE

    Entropy is a common approach for detecting secret strings - many existing tools leverage a combination of entropy calculations and RegEx for secret detection. This analyzer returns true if a metavariable has high entropy (randomness) relative to the English language.
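
Both analyzers in the context of complete rules, as an added example that is not taken from the Semgrep documentation or registry. The rule ids, messages, target language, matched patterns and the name-filter regex are assumptions chosen for illustration; only the `metavariable-analysis` blocks follow the syntax shown above.

```yaml
rules:
  # Constructed rule: report a regex literal passed to re.compile() only when
  # the redos analyzer classifies it as prone to catastrophic backtracking.
  - id: example-redos-in-re-compile
    languages: [python]
    severity: WARNING
    message: >-
      Regular expression "$RE" matches a known ReDoS antipattern. Rewrite it
      so that it cannot backtrack catastrophically.
    patterns:
      # "$RE" binds the metavariable to the contents of the string literal.
      - pattern: re.compile("$RE", ...)
      - metavariable-analysis:
          analyzer: redos
          metavariable: $RE

  # Constructed rule: entropy combined with a regex on the variable name,
  # the entropy-plus-RegEx approach to secret detection described above.
  - id: example-high-entropy-assignment
    languages: [python]
    severity: WARNING
    # The message names the variable but not the value, so the suspected
    # secret is not copied into scan output.
    message: >-
      "$NAME" is assigned a high-entropy string literal that may be a
      hardcoded secret. Load it from a secrets manager or the environment.
    patterns:
      - pattern: $NAME = "$VALUE"
      # Assumed name filter: keeps the rule to credential-like variables.
      - metavariable-regex:
          metavariable: $NAME
          regex: (?i).*(secret|token|passw|api_key).*
      # True only when the literal looks random relative to English text.
      - metavariable-analysis:
          analyzer: entropy
          metavariable: $VALUE
```

Every entry under `patterns` must hold for a finding, so each analyzer acts as a final yes/no filter on code the structural pattern has already matched.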

