Fix potential exponential backtracking in regex in utils.parseExtensionSource

Shivam Mathur 2022-01-22 02:25:58 +05:30
parent 9ca9ab33ef
commit c38f1acc38
No known key found for this signature in database
GPG Key ID: 3E13E4C8591ACC2A
2 changed files with 3 additions and 2 deletions

2
dist/index.js vendored

@ -1177,7 +1177,7 @@ async function customPackage(pkg, type, version, os_version) {
} }
exports.customPackage = customPackage; exports.customPackage = customPackage;
async function parseExtensionSource(extension, prefix) { async function parseExtensionSource(extension, prefix) {
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/; const regex = /(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
const matches = regex.exec(extension); const matches = regex.exec(extension);
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com'; matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix); return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix);


@ -492,7 +492,8 @@ export async function parseExtensionSource(
prefix: string prefix: string
): Promise<string> { ): Promise<string> {
// Groups: extension, domain url, org, repo, release // Groups: extension, domain url, org, repo, release
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/; const regex =
/(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
const matches = regex.exec(extension) as RegExpExecArray; const matches = regex.exec(extension) as RegExpExecArray;
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com'; matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
return await joins( return await joins(
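Review bot: The rewritten pattern still looks ambiguous, so the backtracking this commit targets is bounded per label but may not be eliminated. In `(?:[.:][^:/\s]{2,63})+` the class `[^:/\s]` also accepts `.`, so a run of dot-separated labels can be divided between iterations in more than one way, and the leading `.{1,253}` overlaps with that group as well. Excluding the separators from both classes, for example `[^.:/\s]{1,253}(?:[.:][^.:/\s]{2,63})+`, would leave a single way to split a host; if callers always pass the whole token, anchoring with `^…$` would also stop the engine retrying from every offset. Separately, `regex.exec(extension) as RegExpExecArray` hides the `null` returned for a non-matching value, so `matches[2]` throws a bare TypeError on malformed input; a guard such as `if (!matches) throw new Error('Invalid extension source: ' + extension);` would fail more clearly. The same pattern appears in the vendored `dist/index.js` section, and the function body continues outside this hunk.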