StyAndCo/zeppelin
3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-05-14 22:05:01 +00:00
Code Releases Activity

Run user-supplied regexes in worker threads with a timeout

Browse source
This commit is contained in:
Dragory 2020-08-05 01:15:36 +03:00
parent 19b97bc32b
commit a7fa258f2a
No known key found for this signature in database
GPG key ID: 5F387BA66DF8AAC1
15 changed files with 237 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

23
backend/src/validatorUtils.ts
View file

@ -8,23 +8,20 @@ import safeRegex from "safe-regex";
const regexWithFlags = /^\/(.*?)\/([i]*)$/;
/**
* The TSafeRegex type supports two syntaxes for regexes: /<regex>/<flags> and just <regex>
* The value is then checked for "catastrophic exponential-time regular expressions" by
* https://www.npmjs.com/package/safe-regex
* This function supports two input syntaxes for regexes: /<pattern>/<flags> and just <pattern>
*/
const safeRegexAllowedFlags = ["i"];
export const TSafeRegex = new t.Type<RegExp, string>(
"TSafeRegex",
export function inputPatternToRegExp(pattern: string) {
const advancedSyntaxMatch = pattern.match(regexWithFlags);
const [finalPattern, flags] = advancedSyntaxMatch ? [advancedSyntaxMatch[1], advancedSyntaxMatch[2]] : [pattern, ""];
return new RegExp(finalPattern, flags);
}
export const TRegex = new t.Type<RegExp, string>(
"TRegex",
(s): s is RegExp => s instanceof RegExp,
(from, to) =>
either.chain(t.string.validate(from, to), s => {
const advancedSyntaxMatch = s.match(regexWithFlags);
const [regexStr, flags] = advancedSyntaxMatch ? [advancedSyntaxMatch[1], advancedSyntaxMatch[2]] : [s, ""];
const finalFlags = flags
.split("")
.filter(flag => safeRegexAllowedFlags.includes(flag))
.join("");
return safeRegex(regexStr) ? t.success(new RegExp(regexStr, finalFlags)) : t.failure(from, to, "Unsafe regex");
return t.success(inputPatternToRegExp(s));
}),
s => `/${s.source}/${s.flags}`,
);