Basic Usage
Why Pre-Scanning?
The JavaScript parser itself can be vulnerable to:- Memory exhaustion - Extremely large files
- Stack overflow - Deeply nested expressions
- CPU exhaustion - Complex regex patterns
- Parsing hangs - Malformed Unicode sequences
Mandatory Limits
These limits protect against parser crashes and cannot be overridden:Pre-Scanner Presets
Using Presets
Regex Handling Modes
The pre-scanner supports three regex handling modes:Block Mode
Block ALL regex literals (AgentScript default, maximum security):Analyze Mode
Allow regex but analyze for ReDoS patterns:Allow Mode
Allow all regex without analysis (Permissive only):ReDoS Detection
The pre-scanner detects dangerous regex patterns that cause exponential backtracking:Manual ReDoS Analysis
Unicode Security
The pre-scanner detects Unicode-based attacks:Bidirectional Text (Trojan Source)
Invisible Characters
Custom Configuration
Related
- Overview - Getting started with ast-guard
- AgentScript Preset - LLM code validation
- Security Rules - AST validation rules