author | meekdenzo <55823259+meekdenzo@users.noreply.github.com> | 2021-12-02 13:29:38 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-02 10:29:38 -0800 |
commit | cdfb4917e6028c8f966276d6e792018c7fd2ae3c (patch) | |
tree | aeb59d51c12758f575e03cc1b9981d50404a4891 | |
parent | bb41f2a59aa41af0b906f0cb9a11ffa6332e56dd (diff) | |
download | async-cdfb4917e6028c8f966276d6e792018c7fd2ae3c.tar.gz |
Fix an inefficient regex in autoInject (#1767)
* Fix an inefficient regex in autoInject
* 'properly strip comments in argument definitions' test failure
* Update test/autoInject.js
Co-authored-by: Rich Trott <rtrott@gmail.com>
* Update on url-comments lib/autoInject.js
Co-authored-by: Rich Trott <rtrott@gmail.com>
* move new tests test/autoInject.js
* indentation fix test/autoInject.js
Co-authored-by: Rich Trott <rtrott@gmail.com>
-rw-r--r-- | lib/autoInject.js | 2 | ||||
-rw-r--r-- | test/autoInject.js | 29 |
2 files changed, 30 insertions, 1 deletions
diff --git a/lib/autoInject.js b/lib/autoInject.js
index cff2eb6..21f95bd 100644
--- a/lib/autoInject.js
+++ b/lib/autoInject.js
@@ -6,7 +6,7 @@ var FN_ARGS = /^(?:async\s+)?(?:function)?\s*\w*\s*\(\s*([^)]+)\s*\)(?:\s*{)/;
 var ARROW_FN_ARGS = /^(?:async\s+)?\(?\s*([^)=]+)\s*\)?(?:\s*=>)/;
 var FN_ARG_SPLIT = /,/;
 var FN_ARG = /(=.+)?(\s*)$/;
-var STRIP_COMMENTS = /((\/\/.*$)|(\/\*[\s\S]*?\*\/))/mg;
+var STRIP_COMMENTS = /(\/\*(?:[^/]|\/(?!\*))*\*\/)|\/\/.*$/mg;
 
 function parseParams(func) {
 const src = func.toString().replace(STRIP_COMMENTS, '');
diff --git a/test/autoInject.js b/test/autoInject.js
index 3088faa..e18767a 100644
--- a/test/autoInject.js
+++ b/test/autoInject.js
@@ -224,4 +224,33 @@ describe('autoInject', () => {
 done()
 })
 })
+
+ it('should not be subject to ReDoS', () => {
+ // This test will timeout if the bug is present.
+ var someComments = 'text/*'.repeat(1000000)
+ expect(() => async.autoInject({
+ someComments,
+ a () {}
+ })).to.throw()
+ });
+
+ it('should properly strip comments in argument definitions', (done) => {
+ async.autoInject({
+ task1: function(task2, /* ) */ callback) {
+ callback(null, true);
+ },
+ task2: function task2(task3 // )
+ ,callback) {
+ callback(null, true);
+ },
+ task3: function task3(callback) {
+ callback(null, true);
+ }
+ },
+ (err, result) => {
+ expect(err).to.eql(null);
+ expect(result).to.deep.eql({task1: true, task2: true, task3: true});
+ done();
+ });
+ });
 }); |
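Review bot: The new block-comment branch of `STRIP_COMMENTS` in lib/autoInject.js is greedy where the old one was lazy, so a match no longer stops at the first `*/`; it runs to the last `*/` that comes before the next `/*`. Because `parseParams` applies the pattern to the whole `func.toString()`, a task such as `function (a /* x */, b) { return '*/'; }` would lose `, b) { return '` and, as far as I can tell, no longer match `FN_ARGS`. Excluding `*/` from the comment body as well as `/*` keeps the scan bounded and restores the old stopping point: `var STRIP_COMMENTS = /\/\*(?:[^*/]|\*(?!\/)|\/(?!\*))*\*\/|\/\/.*$/mg;`. A one-line comment above the constant saying that the body must not cross `/*`, because that is what stops repeated unterminated openers from rescanning the rest of the source, would keep a later cleanup from reverting it. The body of `parseParams` continues outside the hunk.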
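Review bot: In 'should not be subject to ReDoS' (test/autoInject.js), `.to.throw()` takes no argument, so the test passes on any exception, including one raised before `STRIP_COMMENTS` ever runs; `someComments` is a string rather than a task function, so an earlier type check added later would keep this green without exercising the regex. Pinning the expected error, `})).to.throw(Error, /<message raised for unparsable arguments>/)`, ties the assertion to the parsing path. The only pass/fail signal for the slowdown is the runner's timeout; measuring the call with `const start = Date.now();` before it and `expect(Date.now() - start).to.be.below(<budget in ms>);` after it would make the bound explicit. Neither new test covers a `*/` that appears later in a task's source (for example inside a string in the body), which is where a greedy comment pattern and a lazy one give different results. The enclosing `describe` block starts outside the hunk.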