Replace stacktrace splitting logic to resolve a REDoS vulnerability
This commit is contained in:
parent
61681bf88e
commit
1f43580bc5
|
@ -8,7 +8,7 @@ const defaultValue = require("default-value");
|
||||||
// I'm so, so sorry...
|
// I'm so, so sorry...
|
||||||
let lineRegex = /\s+at\s+(?:(?:((?:[^\[\n])+)\[as ([^\]]+)\] |((?:[^\(\n])+))\(([^\)\n]+)\)|([^\n]+))(?:\n|$)/gm;
|
let lineRegex = /\s+at\s+(?:(?:((?:[^\[\n])+)\[as ([^\]]+)\] |((?:[^\(\n])+))\(([^\)\n]+)\)|([^\n]+))(?:\n|$)/gm;
|
||||||
let geckoLineRegex = /^([^@\n]*)@(.+)/gm;
|
let geckoLineRegex = /^([^@\n]*)@(.+)/gm;
|
||||||
let positionRegex = /(.+):(\d+):(\d+)/;
|
let numberRegex = /^\d+$/;
|
||||||
|
|
||||||
function maybeTrim(value) {
|
function maybeTrim(value) {
|
||||||
if (value != null) {
|
if (value != null) {
|
||||||
|
@ -24,17 +24,35 @@ function maybeTrim(value) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function isLocation(locationString) {
|
||||||
|
return (locationString.split(":").length > 2);
|
||||||
|
}
|
||||||
|
|
||||||
|
function splitLocation(locationString) {
|
||||||
|
let parts = locationString.split(":");
|
||||||
|
|
||||||
|
if (parts.length > 2) {
|
||||||
|
let pathPartCount = parts.length - 2;
|
||||||
|
|
||||||
|
return [
|
||||||
|
parts.slice(0, pathPartCount).join(":"),
|
||||||
|
parts[pathPartCount],
|
||||||
|
parts[pathPartCount + 1],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function parseLocation(locationString) {
|
function parseLocation(locationString) {
|
||||||
if (locationString === "<anonymous>") {
|
if (locationString === "<anonymous>") {
|
||||||
return { anonymous: true };
|
return { anonymous: true };
|
||||||
} else {
|
} else {
|
||||||
let match = positionRegex.exec(locationString);
|
let parts = splitLocation(locationString);
|
||||||
|
|
||||||
if (match != null) {
|
if (parts != null && numberRegex.test(parts[1]) && numberRegex.test(parts[2])) {
|
||||||
return {
|
return {
|
||||||
path: match[1],
|
path: parts[0],
|
||||||
line: parseInt(match[2]),
|
line: parseInt(parts[1]),
|
||||||
column: parseInt(match[3])
|
column: parseInt(parts[2])
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
throw new Error(`Could not parse location from string: ${locationString}`);
|
throw new Error(`Could not parse location from string: ${locationString}`);
|
||||||
|
@ -91,7 +109,7 @@ module.exports = function parseStackTrace(error) {
|
||||||
|
|
||||||
let firstStackLine = lines
|
let firstStackLine = lines
|
||||||
.map((line) => line.trim())
|
.map((line) => line.trim())
|
||||||
.findIndex((line) => positionRegex.test(line));
|
.findIndex((line) => isLocation(line));
|
||||||
|
|
||||||
if (firstStackLine !== -1) {
|
if (firstStackLine !== -1) {
|
||||||
let cleanStack = lines
|
let cleanStack = lines
|
||||||
|
|
Loading…
Reference in a new issue