Vulnerable RegExp in `BodyConverter` #218

ostridm · 2023-11-14T14:41:47Z

This regular expression is vulnerable for ReDoS due P complexity

    const [mime]: string[] = contentType
      .split(',')
      .map((x) => x.trim().replace(/;.+?$/, ''));

Prevent the ReDoS or refuse to use the regexp in this particular case.

Please refer to the source code at BodyConverter.ts#L60-L63

closes #218

ostridm added the Type: refactoring Changes in the way the code works internally without changing the output produced. label Nov 14, 2023

ostridm self-assigned this Nov 14, 2023

ostridm added a commit that referenced this issue Nov 14, 2023

refactor(oas): get rid of regexp in BodyConverter

954b170

closes #218

ostridm mentioned this issue Nov 14, 2023

fix(oas): prevent ReDoS in the BodyConverter #219

Merged

derevnjuk changed the title ~~OAS: get rid of using regexp in BodyConverter~~ Vulnerable RegExp in BodyConverter Nov 14, 2023

derevnjuk added Type: bug Something isn't working. and removed Type: refactoring Changes in the way the code works internally without changing the output produced. labels Nov 14, 2023

derevnjuk closed this as completed in #219 Nov 14, 2023

derevnjuk pushed a commit that referenced this issue Nov 14, 2023

fix(oas): prevent ReDoS in the BodyConverter (#219)

30eb0e4

closes #218

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerable RegExp in `BodyConverter` #218

Vulnerable RegExp in `BodyConverter` #218

ostridm commented Nov 14, 2023 •

edited by derevnjuk

Loading

Vulnerable RegExp in BodyConverter #218

Vulnerable RegExp in BodyConverter #218

Comments

ostridm commented Nov 14, 2023 • edited by derevnjuk Loading

Vulnerable RegExp in `BodyConverter` #218

Vulnerable RegExp in `BodyConverter` #218

ostridm commented Nov 14, 2023 •

edited by derevnjuk

Loading