Skip to content

Commit

Permalink
Merge pull request #4 from Woorank/redos
Browse files Browse the repository at this point in the history 
Mitigate against Redos
  • Loading branch information
@Janpot
Janpot authored Feb 7, 2021
2 parents 491ecd5 + feba68e commit c03827c
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/patterns.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ exports.path = function makePathPattern (pattern) {
const specificityString = pattern.replace(/\*/g, '');

pattern = pattern
.split('*')
.split(/\*+/)
.map(escapeRegExp)
.join('(?:.*)');

Expand Down
2 changes: 1 addition & 1 deletion package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "robots-txt-guard",
"version": "0.2.1",
"version": "1.0.0",
"description": "Validate urls against robots.txt rules.",
"main": "lib/guard.js",
"repository": {
Expand Down
5 changes: 5 additions & 0 deletions test/patterns.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,5 +150,10 @@ describe('patterns', function () {

assertNoMatch(pattern, '/Fish.PHP');
});

it('should handle a ReDos', function () {
const pattern = patterns.path('/*****************************************************************************.js$');
assertMatch(pattern, '/hello.js');
});
});
});

0 comments on commit c03827c

Please sign in to comment.