fix: ignore unsafe regex in namespace
Fixes #737
Jahed Ahmed committed May 11, 2021
1 parent e47f96d commit de36844
Showing 3 changed files with 42 additions and 3 deletions.
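--- a/package.json
+++ b/package.json
@@ -31,7 +31,8 @@
 "test:coverage": "cat ./coverage/lcov.info | coveralls"
 },
 "dependencies": {
-"ms": "2.1.2"
+"ms": "2.1.2",
+"safe-regex": "^2.1.1"
 },
 "devDependencies": {
 "brfs": "^2.0.1",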
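Review bot: The new runtime dependency is declared with a caret range (`"safe-regex": "^2.1.1"`) while the existing `ms` entry is pinned exactly, so consumers installing without a lockfile can resolve later 2.x releases of a package that now runs on every namespace parse. Matching the existing policy with `"safe-regex": "2.1.1"` keeps the resolved tree reproducible and makes any upgrade an explicit, reviewable change. No lockfile update is visible among the three changed files, so it is worth confirming how the resolved version is tracked.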
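--- a/src/common.js
+++ b/src/common.js
@@ -4,6 +4,8 @@
 * implementations of `debug()`.
 */
 
+const safeRegex = require('safe-regex');
+
 function setup(env) {
 createDebug.debug = createDebug;
 createDebug.default = createDebug;
@@ -179,9 +181,19 @@ function setup(env) {
 namespaces = split[i].replace(/\*/g, '.*?');
 
 if (namespaces[0] === '-') {
-createDebug.skips.push(new RegExp('^' + namespaces.substr(1) + '$'));
+const regex = new RegExp('^' + namespaces.substr(1) + '$');
+if (safeRegex(regex)) {
+createDebug.skips.push(regex);
+} else {
+createDebug.log(`ignoring unsafe skipped namespace regex: "${regex}"`);
+}
 } else {
-createDebug.names.push(new RegExp('^' + namespaces + '$'));
+const regex = new RegExp('^' + namespaces + '$');
+if (safeRegex(regex)) {
+createDebug.names.push(regex);
+} else {
+createDebug.log(`ignoring unsafe enabled namespace regex: "${regex}"`);
+}
 }
 }
 }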
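Review bot: In the `-` branch, a skip pattern that `safeRegex` rejects is dropped with only a log line, so namespaces the user meant to exclude keep emitting output; the exclusion fails open. `safe-regex` is a heuristic check with documented false positives and false negatives, so it narrows the ReDoS exposure rather than closing it, and it may reject harmless namespace strings. If only `*` is meant to act as a wildcard, escaping the other metacharacters before compiling would remove the need for the check: `namespaces = split[i].replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*?');`. The two branches also repeat the same five lines and could share one small helper. The enclosing function starts and ends outside this hunk.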
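--- a/test.js
+++ b/test.js
@@ -137,4 +137,30 @@ describe('debug', () => {
 assert.deepStrictEqual(messages, ['test2', 'test3']);
 });
 });
+
+describe('ignores unsafe regex', () => {
+it('in enabled namespace', () => {
+const messages = [];
+debug.log = (...args) => messages.push(args);
+
+debug.enable('(x+x+)+y');
+
+assert.deepStrictEqual(messages.length, 1);
+assert.deepStrictEqual(messages, [[
+'ignoring unsafe enabled namespace regex: "/^(x+x+)+y$/"'
+]]);
+});
+
+it('in skipped namespace', () => {
+const messages = [];
+debug.log = (...args) => messages.push(args);
+
+debug.enable('-(x+x+)+y');
+
+assert.deepStrictEqual(messages.length, 1);
+assert.deepStrictEqual(messages, [[
+'ignoring unsafe skipped namespace regex: "/^(x+x+)+y$/"'
+]]);
+});
+});
 });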
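Review bot: Both new tests assert only the log message, so they would still pass if the rejected pattern were logged and then registered anyway. Adding `assert.deepStrictEqual(debug.names, []);` to the first test and the `debug.skips` equivalent to the second would pin the behaviour that matters, assuming `debug` here is the object that `enable()` populates. Each test also replaces `debug.log` without restoring it, which can leak into later tests; saving the original and resetting it in an `afterEach` avoids that. A case that enables a safe namespace next to the unsafe one, such as `test,(x+x+)+y`, would show that only the unsafe entry is dropped.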
