This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Fix code scanning alert - Polynomial regular expression used on uncontrolled data #768

Closed
1 task done
bennycode opened this issue Sep 30, 2022 · 1 comment · Fixed by #769

Comments

@bennycode
Owner

bennycode commented Sep 30, 2022

Tracking issue for:

@bennycode bennycode linked a pull request Sep 30, 2022 that will close this issue
@bennycode
Owner Author

PR #367 introduced a polynomial regular expression used on uncontrolled data.

Details:

Some regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length n is proportional to n^k or even 2^n. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service ("DoS") attack by crafting an expensive input string for the regular expression to match.

We have to remove `time.match(/epoch":(.*)\./i)`, which ultimately means removing the ability to accept time skews as strings (as requested in #354).
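The value the flagged pattern captures can also be obtained with fixed-cost string searches and a length cap, which avoids the greedy `(.*)` rescans. This is an added example, not the project's code (the issue resolves the alert by removing the regex instead); `extractEpochPrefix` and `MAX_TIME_LENGTH` are hypothetical names and the sample strings are constructed.

```javascript
// Added example: linear-time stand-in for time.match(/epoch":(.*)\./i).
const MAX_TIME_LENGTH = 256; // assumed cap; a serialized timestamp is short

// Hypothetical helper. For single-line input within the cap it returns what
// capture group 1 of the original regex would hold, or null on no match.
function extractEpochPrefix(time) {
  // Refuse non-strings and oversized input before doing any scanning.
  if (typeof time !== 'string' || time.length > MAX_TIME_LENGTH) return null;
  // Stricter than the regex: reject line terminators instead of matching per line.
  if (/[\n\r\u2028\u2029]/.test(time)) return null;

  // A literal pattern with no quantifier cannot backtrack: one pass over the input.
  const start = time.search(/epoch":/i);
  if (start === -1) return null;
  const valueStart = start + 'epoch":'.length;

  // Greedy (.*) followed by \. always ends at the LAST dot, so locate it directly.
  const lastDot = time.lastIndexOf('.');
  if (lastDot < valueStart) return null; // no dot after the marker
  return time.slice(valueStart, lastDot);
}

// Constructed sample inputs (not taken from the project).
const constructedSamples = [
  '{"iso":"2022-09-30T12:00:00.000Z","epoch":1664539200.123}',
  '{"EPOCH":1664539200.5}',
  '{"epoch":1664539200}',
  'dot before marker. epoch":1664539200',
];
for (const sample of constructedSamples) {
  console.log(JSON.stringify(sample), '->', extractEpochPrefix(sample));
}
```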
