Replace stacktrace splitting logic to resolve a REDoS vulnerability

pull/4/head
Sven Slootweg 2 years ago
parent 61681bf88e
commit 1f43580bc5

@ -8,7 +8,7 @@ const defaultValue = require("default-value");
// I'm so, so sorry...
let lineRegex = /\s+at\s+(?:(?:((?:[^\[\n])+)\[as ([^\]]+)\] |((?:[^\(\n])+))\(([^\)\n]+)\)|([^\n]+))(?:\n|$)/gm;
let geckoLineRegex = /^([^@\n]*)@(.+)/gm;
let positionRegex = /(.+):(\d+):(\d+)/;
let numberRegex = /^\d+$/;
function maybeTrim(value) {
if (value != null) {
@ -24,17 +24,35 @@ function maybeTrim(value) {
}
}
function isLocation(locationString) {
return (locationString.split(":").length > 2);
}
function splitLocation(locationString) {
let parts = locationString.split(":");
if (parts.length > 2) {
let pathPartCount = parts.length - 2;
return [
parts.slice(0, pathPartCount).join(":"),
parts[pathPartCount],
parts[pathPartCount + 1],
];
}
}
function parseLocation(locationString) {
if (locationString === "<anonymous>") {
return { anonymous: true };
} else {
let match = positionRegex.exec(locationString);
let parts = splitLocation(locationString);
if (match != null) {
if (parts != null && numberRegex.test(parts[1]) && numberRegex.test(parts[2])) {
return {
path: match[1],
line: parseInt(match[2]),
column: parseInt(match[3])
path: parts[0],
line: parseInt(parts[1]),
column: parseInt(parts[2])
};
} else {
throw new Error(`Could not parse location from string: ${locationString}`);
@ -91,7 +109,7 @@ module.exports = function parseStackTrace(error) {
let firstStackLine = lines
.map((line) => line.trim())
.findIndex((line) => positionRegex.test(line));
.findIndex((line) => isLocation(line));
if (firstStackLine !== -1) {
let cleanStack = lines
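Review bot: `isLocation` accepts any string containing two or more colons, so in the `findIndex` call at the end of this section a message line such as `Error: a: b` now counts as the first stack line, whereas the removed `positionRegex.test` required numeric line and column segments. Error messages are often built from caller-supplied data, so the looser test may let message text be handed to the frame parser; what happens to such a line afterwards is not visible here, since `parseStackTrace` continues past the last line shown. A check that stays linear but keeps the numeric requirement would be `let parts = locationString.split(":"); return parts.length > 2 && numberRegex.test(parts[parts.length - 2]);`. Separately, the unchanged `lineRegex` starts with an unanchored `\s+at\s+` under the `g` flag, which looks like it could still backtrack quadratically on long whitespace runs and may deserve the same treatment as `positionRegex`.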
