🐛 FIX: Avoid ReDoS (#36)

closes https://github.com/eggjs/egg-cookies/security/code-scanning/1
eggjs · Jun 20, 2022 · ebe330e · ebe330e
1 parent 719f8cd
commit ebe330e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/cookies.js b/lib/cookies.js
@@ -149,7 +149,7 @@ class Cookies {
 
 // https://github.com/linsight/should-send-same-site-none/blob/master/index.js#L86
 function parseChromiumAndMajorVersion(userAgent) {
-  const m = /Chrom[^ \/]+\/(\d+)[\.\d]* /.exec(userAgent);
+  const m = /Chrom[^ \/]{1,100}\/(\d{1,100}?)\./.exec(userAgent);
   if (!m) return { chromium: false, version: null };
   // Extract digits from first capturing group.
   return { chromium: true, majorVersion: parseInt(m[1]) };