(#7115) - Remove catastrophic backtracking vulnerability

Problem: A regex to parse function names was vulnerable to catastrophic backtracking. Solution: Alter the regex to make it safe. The new regex matches the same language. This regex is not exploitable for REDOS as currently used. This change is for future-proofing.
pouchdb · Mar 4, 2018 · 64894da · 64894da
1 parent d6cece3
commit 64894da
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/packages/node_modules/pouchdb-utils/src/functionName.js b/packages/node_modules/pouchdb-utils/src/functionName.js
@@ -15,7 +15,13 @@ if (hasName) {
   };
 } else {
   res = function (fun) {
-    return fun.toString().match(/^\s*function\s*(\S*)\s*\(/)[1];
+    var match = fun.toString().match(/^\s*function\s*(?:(\S+)\s*)?\(/);
+    if (match && match[1]) {
+      return match[1];
+    }
+    else {
+      return '';
+    }
   };
 }