Skip to main content

Metavariable analysis

Metavariable analysis was created to support some metavariable inspection techniques that are difficult to express with existing rules but have "simple" binary classifier behavior. Currently, this syntax supports two analyzers: redos and entropy

ReDoS

metavariable-analysis:
analyzer: redos
metavariable: $VARIABLE

RegEx denial of service is caused by poorly constructed regular expressions that exhibit exponential runtime when fed specifically crafted inputs. The redos analyzer uses known RegEx antipatterns to determine if the target expression is potentially vulnerable to catastrophic backtracking.

Entropy

metavariable-analysis:
analyzer: entropy
metavariable: $VARIABLE

Entropy is a common approach for detecting secret strings - many existing tools leverage a combination of entropy calculations and RegEx for secret detection. This analyzer returns true if a metavariable has high entropy (randomness) relative to the English language.


Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.