Escape regular expressions with values passed by the user #3505

glowcloud · 2024-05-08T13:33:23Z

We need to escape regular expressions which are built with values passed by the user:

swagger-js/src/execute/index.js

Line 356 in 43e55ec

const re = new RegExp(`{${variable}}`, 'g');

For this, we can use escapeRegExp function from the ramda-adjunct library.

The text was updated successfully, but these errors were encountered:

Refs #3505

## [3.27.5](v3.27.4...v3.27.5) (2024-05-08) ### Bug Fixes * **security:** escape regular expression created from user input ([#3506](#3506)) ([013edf9](013edf9)), closes [#3505](#3505)

char0n · 2024-05-08T14:21:35Z

Addressed in #3506

glowcloud added version: 3.x cat: security labels May 8, 2024

glowcloud self-assigned this May 8, 2024

glowcloud added a commit that referenced this issue May 8, 2024

fix(security): escape regular expression

e9301f2

Refs #3505

glowcloud mentioned this issue May 8, 2024

fix(security): escape regular expression #3506

Merged

char0n pushed a commit that referenced this issue May 8, 2024

fix(security): escape regular expression created from user input (#3506)

013edf9

Refs #3505

char0n closed this as completed May 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Escape regular expressions with values passed by the user #3505

Escape regular expressions with values passed by the user #3505

glowcloud commented May 8, 2024

char0n commented May 8, 2024

Escape regular expressions with values passed by the user #3505

Escape regular expressions with values passed by the user #3505

Comments

glowcloud commented May 8, 2024

char0n commented May 8, 2024