mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-03-15 05:41:51 +00:00

Only allow specific flags in TSafeRegex

Dragory 2019-10-11 23:39:54 +03:00
parent 53742f1970
commit cfac89118e


@ -12,6 +12,7 @@ const regexWithFlags = /^\/(.*?)\/([i]*)$/;
* The value is then checked for "catastrophic exponential-time regular expressions" by
* https://www.npmjs.com/package/safe-regex
*/
const safeRegexAllowedFlags = ["i"];
export const TSafeRegex = new t.Type<RegExp, string>(
"TSafeRegex",
(s): s is RegExp => s instanceof RegExp,
@ -19,7 +20,11 @@ export const TSafeRegex = new t.Type<RegExp, string>(
either.chain(t.string.validate(from, to), s => {
const advancedSyntaxMatch = s.match(regexWithFlags);
const [regexStr, flags] = advancedSyntaxMatch ? [advancedSyntaxMatch[1], advancedSyntaxMatch[2]] : [s, ""];
return safeRegex(regexStr) ? t.success(new RegExp(regexStr, flags)) : t.failure(from, to, "Unsafe regex");
const finalFlags = flags
.split("")
.filter(flag => safeRegexAllowedFlags.includes(flag))
.join("");
return safeRegex(regexStr) ? t.success(new RegExp(regexStr, finalFlags)) : t.failure(from, to, "Unsafe regex");
}),
s => `/${s.source}/${s.flags}`,
);
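Review bot: Repeated flags still reach the `new RegExp(regexStr, finalFlags)` call in the second hunk, because the filter keeps every allowed character without de-duplicating. `regexWithFlags`, as shown in the hunk header, accepts `[i]*`, so a value whose flags are `ii` passes the filter and the constructor throws a SyntaxError instead of the codec returning `t.failure`. De-duplicating first avoids that, e.g. `const finalFlags = Array.from(new Set(flags.split(""))).filter(flag => safeRegexAllowedFlags.includes(flag)).join("");`, or the constructor call can be wrapped so any SyntaxError becomes a validation failure. Separately, a flag outside the list is dropped silently rather than rejected, and the allowed set now lives in both the `[i]*` character class and `safeRegexAllowedFlags`; returning `t.failure(from, to, "Unsupported regex flag")` and building the character class from the list would keep the two from drifting apart. The line that opens the validate callback sits between the two hunks and is not visible here.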