ReDoS on link regex #29
Comments
|
Sorry for the delay; I've spent the past several months trying to bring a startup to launch. Yikes! This looks like a real bug, thanks for pointing it out and I'll look into it. |
|
Figured out the issue; I'll have a fix for this out by monday. Sorry for the month lag D: |
Makes the same modification from marked in this commit: markedjs/marked@d53f206 Fixes issue #29 Test plan: Run the following in node, and get output instantly: ``` require('./simple-markdown.js').defaultHtmlOutput(require('./simple-markdown.js').defaultBlockParse('[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n')); ```
Makes the same modification from marked in this commit: markedjs/marked@d53f206 Fixes issue #29 Test plan: Run the following in node, and get output instantly: ``` require('./simple-markdown.js').defaultHtmlOutput(require('./simple-markdown.js').defaultBlockParse('[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n[+test)[]\n')); ```
|
Hi again! This is fixed in version 0.2.2 (on npm), which is now out on npm. I also reworked my bold/italic nested parsing solution so that it's backwards compatible, and released that as 0.3.0 (which includes 0.2.2/the fix for this issue). This lets simple-markdown correctly parse If this isn't a good time to test a more significant change, just updating to 0.2.2 fixes just this issue. Thanks for your work on discord & for letting me know about simple-markdown issues~! |
|
@ariabuckles thanks for your continued support of this module! we definitely exploit simple-markdown to the best of its ability and it's quite great for what it does. this week i will bump the version and throw it onto canary if things look alright locally (canary is our cutting edge public build that people are eager to try and report bugs for). i'll be sure to report any issues encountered 🤞 |
|
Awesome, thanks @night! I'm happy it's been useful to you :D |
The regex for the
linkrule is subject to DoS when there is a malformed link.Working repro:
The text was updated successfully, but these errors were encountered: