mirror of
https://github.com/ZeppelinBot/Zeppelin.git
synced 2025-03-16 14:11:50 +00:00
Only allow specific flags in TSafeRegex
parent
53742f1970
commit
cfac89118e
1 changed files with 6 additions and 1 deletions
|
@ -12,6 +12,7 @@ const regexWithFlags = /^\/(.*?)\/([i]*)$/;
|
||||||
* The value is then checked for "catastrophic exponential-time regular expressions" by
|
* The value is then checked for "catastrophic exponential-time regular expressions" by
|
||||||
* https://www.npmjs.com/package/safe-regex
|
* https://www.npmjs.com/package/safe-regex
|
||||||
*/
|
*/
|
||||||
|
const safeRegexAllowedFlags = ["i"];
|
||||||
export const TSafeRegex = new t.Type<RegExp, string>(
|
export const TSafeRegex = new t.Type<RegExp, string>(
|
||||||
"TSafeRegex",
|
"TSafeRegex",
|
||||||
(s): s is RegExp => s instanceof RegExp,
|
(s): s is RegExp => s instanceof RegExp,
|
||||||
|
@ -19,7 +20,11 @@ export const TSafeRegex = new t.Type<RegExp, string>(
|
||||||
either.chain(t.string.validate(from, to), s => {
|
either.chain(t.string.validate(from, to), s => {
|
||||||
const advancedSyntaxMatch = s.match(regexWithFlags);
|
const advancedSyntaxMatch = s.match(regexWithFlags);
|
||||||
const [regexStr, flags] = advancedSyntaxMatch ? [advancedSyntaxMatch[1], advancedSyntaxMatch[2]] : [s, ""];
|
const [regexStr, flags] = advancedSyntaxMatch ? [advancedSyntaxMatch[1], advancedSyntaxMatch[2]] : [s, ""];
|
||||||
return safeRegex(regexStr) ? t.success(new RegExp(regexStr, flags)) : t.failure(from, to, "Unsafe regex");
|
const finalFlags = flags
|
||||||
|
.split("")
|
||||||
|
.filter(flag => safeRegexAllowedFlags.includes(flag))
|
||||||
|
.join("");
|
||||||
|
return safeRegex(regexStr) ? t.success(new RegExp(regexStr, finalFlags)) : t.failure(from, to, "Unsafe regex");
|
||||||
}),
|
}),
|
||||||
s => `/${s.source}/${s.flags}`,
|
s => `/${s.source}/${s.flags}`,
|
||||||
);
|
);
|
||||||
|
|
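Review bot: A repeated flag still reaches `new RegExp(regexStr, finalFlags)` in the added return line, because the new filter checks each character against `safeRegexAllowedFlags` but does not de-duplicate. `regexWithFlags` captures `[i]*`, so an input such as `/foo/ii` yields `finalFlags === "ii"`, and the RegExp constructor throws a SyntaxError on duplicate flags instead of the validator returning `t.failure`. Either drop duplicates in the same filter, `.filter((flag, i, all) => safeRegexAllowedFlags.includes(flag) && all.indexOf(flag) === i)`, or wrap the construction in try/catch and return `t.failure(from, to, "Invalid regex")`. Separately, a flag outside the allow-list is silently discarded here; if `regexWithFlags` is ever widened beyond `i`, rejecting the value would be safer than compiling a pattern whose semantics differ from what the config author wrote. The opening line of the validate callback falls between the two hunks and is not shown.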