Fix #342 - Enforce all regexes to comply with safe-regex as a safeguard against possible ReDoS vulnerability

Faisal Salman 2021-03-26 19:39:00 +07:00
parent b406b5df2c
commit 2cfd792d24
2 changed files with 29 additions and 1 deletions


@ -120,6 +120,7 @@
"jshint": "~2.12.0", "jshint": "~2.12.0",
"mocha": "~8.2.0", "mocha": "~8.2.0",
"requirejs": "^2.3.2", "requirejs": "^2.3.2",
"safe-regex": "^2.1.1",
"uglify-js": "~3.12.0", "uglify-js": "~3.12.0",
"verup": "^1.3.x" "verup": "^1.3.x"
}, },


@ -1,3 +1,5 @@
var fs = require('fs');
var safe = require('safe-regex');
var assert = require('assert'); var assert = require('assert');
var requirejs = require('requirejs'); var requirejs = require('requirejs');
var UAParser = require('./../src/ua-parser'); var UAParser = require('./../src/ua-parser');
@ -122,3 +124,28 @@ describe('Using Require.js', function () {
}); });
}); });
}); });
describe('Testing regexes', function () {
var regexes;
// todo: use AST-based instead of grep
before('Read main js file', function (done) {
fs.readFile('src/ua-parser.js', 'utf8', function (err, data) {
regexes = data.match(/(\/.+\/[ig]+)(?=[,\s\n])/g);
done();
});
});
describe('Begin testing', function () {
it('all regexes in main file', function () {
regexes.forEach(function (regex) {
describe('Test against `safe-regex` : ' + regex, function () {
it('should be safe from potentially vulnerable regex', function () {
assert.strictEqual(safe(regex), true);
});
});
});
});
});
})
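Review bot: The `before` hook ignores `err` from `fs.readFile` and never checks the result of `data.match`, so a missing file or a pattern that matches nothing surfaces as a TypeError (on `data.match` or `regexes.forEach`) instead of a clear failure of the safeguard; add `if (err) return done(err);` before the match and `assert.ok(regexes && regexes.length > 0);` at the top of the 'all regexes in main file' test. The extraction pattern only captures literals that carry an `i` or `g` flag and are followed by a comma or whitespace, so any flagless regex in src/ua-parser.js is never passed to `safe()`, and the ReDoS check covers less than the commit title promises; the AST-based scan mentioned in the existing todo would close that gap. The per-regex `describe`/`it` pairs are registered from inside a running `it`, which appears to be outside mocha's documented way of generating tests, so it is worth confirming they are actually executed and reported; a plain loop with `assert.strictEqual(safe(regex), true, regex)` inside the outer `it` avoids the question.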