From da6f8af864da5c1d4cbad7285a000b472392f364 Mon Sep 17 00:00:00 2001
From: sttk
Date: Thu, 24 Jun 2021 13:13:02 +0900
Subject: [PATCH] test: Add a test case for ReDoS vulnerability
---
 test/index.test.js | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/test/index.test.js b/test/index.test.js
index 9cd8eb5..027b0b7 100644
--- a/test/index.test.js
+++ b/test/index.test.js
@@ -4,6 +4,8 @@ var gp = require('../');
 var expect = require('expect');
 var isWin32 = require('os').platform() === 'win32';
+var performance = require('perf_hooks').performance;
+
 describe('glob-parent', function () {
 it('should strip glob magic to return parent path', function (done) {
 expect(gp('.')).toEqual('.');
@@ -224,6 +226,27 @@ describe('glob2base test patterns', function () {
 done();
 });
+
+ it('should not increase calc. time exponentially by \'/\' count [CVE-2021-35065]', function (done) {
+ var measure = function(n) {
+ var input = "{" + "/".repeat(n);
+ var st = performance.now();
+ gp(input);
+ var ed = performance.now();
+ return (ed - st) / (n * n);
+ };
+
+ var result0 = measure(5000);
+
+ [50000, 500000].forEach(function(n) {
+ var result1 = measure(n);
+ console.log(result1 / result0, result0, result1);
+ expect(result1 / result0).toBeLessThan(0.9);
+ result0 = result1;
+ });
+
+ done();
+ });
 });
 if (isWin32) {
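Review bot: The regression check for CVE-2021-35065 rests on one unwarmed wall-clock sample per size in `measure`, so the `toBeLessThan(0.9)` assertion can pass or fail on JIT and GC noise rather than on the parser's complexity. The first `measure(5000)` call is both the coldest and the shortest, which likely inflates `result0` and flatters the next ratio; a warm-up call such as `gp('{' + '/'.repeat(5000));` before `var result0 = measure(5000);`, or taking the minimum of a few runs inside `measure`, would give a usable baseline. Dividing by `n * n` means the test asserts sub-quadratic growth, so "exponentially" in the title is misleading, and a comment like `// time / n^2 must shrink as n grows, i.e. growth stays below quadratic` would explain the threshold. The `console.log(result1 / result0, result0, result1);` line looks like leftover debugging and should be dropped.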