Skip to content

Commit c03827c

Browse files
authored
Merge pull request #4 from Woorank/redos
Mitigate against Redos
2 parents 491ecd5 + feba68e commit c03827c

File tree

4 files changed

+8
-3
lines changed

4 files changed

+8
-3
lines changed

Diff for: lib/patterns.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ exports.path = function makePathPattern (pattern) {
3838
const specificityString = pattern.replace(/\*/g, '');
3939

4040
pattern = pattern
41-
.split('*')
41+
.split(/\*+/)
4242
.map(escapeRegExp)
4343
.join('(?:.*)');
4444

Diff for: package-lock.json

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Diff for: package.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "robots-txt-guard",
3-
"version": "0.2.1",
3+
"version": "1.0.0",
44
"description": "Validate urls against robots.txt rules.",
55
"main": "lib/guard.js",
66
"repository": {

Diff for: test/patterns.spec.js

+5
Original file line numberDiff line numberDiff line change
@@ -150,5 +150,10 @@ describe('patterns', function () {
150150

151151
assertNoMatch(pattern, '/Fish.PHP');
152152
});
153+
154+
it('should handle a ReDos', function () {
155+
const pattern = patterns.path('/*****************************************************************************.js$');
156+
assertMatch(pattern, '/hello.js');
157+
});
153158
});
154159
});

0 commit comments

Comments
 (0)