fix regex in utils.stackTraceFilter to prevent ReDoS #3416 #3686
if the stack trace begins with a large error message (>= 20k characters), and user leaves
Description of the Change
simplified the regex used in
It's possible to skip checking the error message in the stack by skipping the first line, but the regex fix won't change any behavior, hence it is chosen.
Why should this be in core?
Well, it's a bug introduced by the stack filtering feature.
mocha won't hang even if users make assertions with large error messages, which is quite possible because containment check is used a lot.
#3416 looks like one but it was because of an external library (still quite possible if chai makes large error message and
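An added illustration of the failure mode this pull request describes, not code from the pull request or from mocha. The two patterns (a location test with and without a leading wildcard), the sample stack and the function names are assumptions constructed for the example.

```javascript
// Added example. BROAD and SIMPLE are constructed patterns, not mocha's source.
// Both ask: does this line end in a `:line:col` location, as a stack frame does?
const BROAD = /\(?.+:\d+:\d+\)?$/; // leading `.+` is retried from every start offset
const SIMPLE = /:\d+:\d+\)?$/;     // same suffix check, nothing to backtrack over

// Constructed stack: one very long assertion message line, then two frames.
function buildStack(messageLength) {
  const message =
    'AssertionError: expected ' + 'a'.repeat(messageLength) + ' to include b';
  return [
    message,
    '    at Context.<anonymous> (/project/test/sample.spec.js:12:9)',
    '    at processImmediate (internal/timers.js:439:21)',
  ].join('\n');
}

// Run one pattern on one line; report the verdict and the wall-clock cost.
function probe(re, line) {
  const start = performance.now();
  const matched = re.test(line);
  return { matched, ms: performance.now() - start };
}

// Compare both patterns on every line of the constructed stack.
function compare(messageLength) {
  return buildStack(messageLength).split('\n').map((line) => {
    const broad = probe(BROAD, line);
    const simple = probe(SIMPLE, line);
    return {
      length: line.length,
      broadMatch: broad.matched,
      simpleMatch: simple.matched,
      broadMs: Number(broad.ms.toFixed(2)),
      simpleMs: Number(simple.ms.toFixed(2)),
    };
  });
}

// On a backtracking engine, BROAD's cost on the message line grows roughly with
// the square of its length; the match verdicts of the two patterns do not differ.
for (const n of [10000, 20000]) console.table(compare(n));
```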
@cyjake I feel uncomfortable with this
@juergba Sorry for not catching your comment. Here's my two cents.
referenced this pull request
Jan 29, 2019
@cyjake I didn't get your description at first, especially this: Error.stack is non-standard and quite fuzzy to catch. A few more words in your description would have helped me a lot. And it's true, most of us don't know every line of code in every detail.
@plroebuck what about one more round of reviewing, then we merge this PR and you do your adaptions later?