
fix vulnerable pattern in trim http://stackstatus.net/post/1477106246…
leafo committed Jul 21, 2016
1 parent 642041f commit 4a58f5c
Showing 3 changed files with 18 additions and 2 deletions.
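--- a/lapis/util.lua
+++ b/lapis/util.lua
@@ -167,7 +167,12 @@ uniquify = function(list)
 end)()
 end
 trim = function(str)
-return tostring(str):match("^%s*(.-)%s*$")
+str = tostring(str)
+if #str > 200 then
+return str:gsub("^%s+", ""):reverse():gsub("^%s+", ""):reverse()
+else
+return str:match("^%s*(.-)%s*$")
+end
 end
 trim_all = function(tbl)
 for k, v in pairs(tbl) do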
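--- a/lapis/util.moon
+++ b/lapis/util.moon
@@ -102,7 +102,13 @@ uniquify = (list) ->
 seen[item] = true
 item
 
-trim = (str) -> tostring(str)\match "^%s*(.-)%s*$"
+trim = (str) ->
+str = tostring str
+
+if #str > 200
+str\gsub("^%s+", "")\reverse()\gsub("^%s+", "")\reverse()
+else
+str\match "^%s*(.-)%s*$"
 
 trim_all = (tbl) ->
 for k,v in pairs tbl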
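Review bot: The 200-byte cutoff at `if #str > 200` and the reason for keeping two code paths are undocumented, so a later cleanup could easily fold them back into the single pattern. `^%s*(.-)%s*$` retries the trailing `%s*$` at every step of the lazy `.-`, which costs quadratic time on a long interior run of whitespace; capping that path at 200 bytes bounds the cost, which is presumably why the old pattern survives in the `else` branch. I would add a comment above the branch such as `-- "^%s*(.-)%s*$" is quadratic on long whitespace runs; only safe for short input`. lapis/util.lua appears to be the compiled output of this file, so the same note applies there.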
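--- a/spec/util_spec.moon
+++ b/spec/util_spec.moon
@@ -249,6 +249,11 @@ tests = {
 "blah blah"
 }
 
+{
+-> util.trim " hello#{" "\rep 20000}world "
+"hello#{" "\rep 20000}world"
+}
+
 {
 -> util.trim_filter {
 " ", " thing ",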
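Review bot: The new case checks only the returned value, so it would still pass against the old single-pattern `trim`, just slowly; nothing here fails if the quadratic pattern is reintroduced. It also exercises only one shape of the long-input branch, with non-space text at both ends. I would add a long input that is whitespace only and expects `""`, plus an input just over the 200-byte cutoff, so both branches of `trim` are pinned at the boundary. The `tests` table starts and ends outside the hunk.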
