fix(isSlug & rtrim): regex no longer exposed to ReDOS attacks #1603

Merged: 1 commit, Mar 3, 2021

fedeci (Contributor) commented Feb 12, 2021

This should be merged after #1602
Regexes are updated in order not to change their behaviour, but only their logic.

Fixes #1596 and fixes #1599

Checklist

  • PR contains only changes related; no stray files, etc.
  • README updated (where applicable)
  • Tests written (where applicable)

codecov bot commented Feb 12, 2021

Codecov Report

Merging #1603 (9a7f773) into master (1b85829) will not change coverage.
The diff coverage is 100.00%.


@@            Coverage Diff            @@
##            master     #1603   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          100       100           
  Lines         1796      1798    +2     
=========================================
+ Hits          1796      1798    +2     
Impacted Files Coverage Δ
src/lib/isPassportNumber.js 100.00% <ø> (ø)
src/lib/isDataURI.js 100.00% <100.00%> (ø)
src/lib/isIdentityCard.js 100.00% <100.00%> (ø)
src/lib/isMACAddress.js 100.00% <100.00%> (ø)
src/lib/isSlug.js 100.00% <100.00%> (ø)
src/lib/isStrongPassword.js 100.00% <100.00%> (ø)
src/lib/rtrim.js 100.00% <100.00%> (ø)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 1b85829...b1e31fe.

tux-tn closed this Mar 1, 2021
tux-tn reopened this Mar 1, 2021

tux-tn (Member) left a comment

LGTM 🎉 thank you for spotting and fixing the ReDOS

profnandaa (Member) left a comment

Thanks for the fix!

Successfully merging this pull request may close these issues:

  • ReDoS in rtrim
  • ReDoS in isSlug