Skip to content

Commit

Permalink
Fix ReDoS (#593)
Browse files Browse the repository at this point in the history
Fix 6 ReDoS-vulnerable regexes with pattern `\d*\.?\d+`.
Fix strategy: Replace  `\d*\.?\d+` with  `(d+|\d*\.\d+)`
  • Loading branch information
yetingli authored Apr 22, 2021
1 parent 209adf9 commit bd1e9e0
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -799,7 +799,7 @@ var QUERIES = [
select: sinceQuery
},
{
regexp: /^(>=?|<=?)\s*(\d*\.?\d+)%$/,
regexp: /^(>=?|<=?)\s*(d+|\d*\.\d+)%$/,
select: function (context, sign, popularity) {
popularity = parseFloat(popularity)
var usage = browserslist.usage.global
Expand All @@ -824,7 +824,7 @@ var QUERIES = [
}
},
{
regexp: /^(>=?|<=?)\s*(\d*\.?\d+)%\s+in\s+my\s+stats$/,
regexp: /^(>=?|<=?)\s*(d+|\d*\.\d+)%\s+in\s+my\s+stats$/,
select: function (context, sign, popularity) {
popularity = parseFloat(popularity)
if (!context.customUsage) {
Expand Down Expand Up @@ -852,7 +852,7 @@ var QUERIES = [
}
},
{
regexp: /^(>=?|<=?)\s*(\d*\.?\d+)%\s+in\s+(\S+)\s+stats$/,
regexp: /^(>=?|<=?)\s*(d+|\d*\.\d+)%\s+in\s+(\S+)\s+stats$/,
select: function (context, sign, popularity, name) {
popularity = parseFloat(popularity)
var stats = env.loadStat(context, name, browserslist.data)
Expand Down Expand Up @@ -887,7 +887,7 @@ var QUERIES = [
}
},
{
regexp: /^(>=?|<=?)\s*(\d*\.?\d+)%\s+in\s+((alt-)?\w\w)$/,
regexp: /^(>=?|<=?)\s*(d+|\d*\.\d+)%\s+in\s+((alt-)?\w\w)$/,
select: function (context, sign, popularity, place) {
popularity = parseFloat(popularity)
if (place.length === 2) {
Expand Down Expand Up @@ -918,11 +918,11 @@ var QUERIES = [
}
},
{
regexp: /^cover\s+(\d*\.?\d+)%$/,
regexp: /^cover\s+(d+|\d*\.\d+)%$/,
select: coverQuery
},
{
regexp: /^cover\s+(\d*\.?\d+)%\s+in\s+(my\s+stats|(alt-)?\w\w)$/,
regexp: /^cover\s+(d+|\d*\.\d+)%\s+in\s+(my\s+stats|(alt-)?\w\w)$/,
select: coverQuery
},
{
Expand Down

0 comments on commit bd1e9e0

Please sign in to comment.