Replace stacktrace splitting logic to resolve a REDoS vulnerability

This commit is contained in:
Sven Slootweg 2022-03-20 00:27:22 +01:00
parent 61681bf88e
commit 1f43580bc5

View file

@ -8,7 +8,7 @@ const defaultValue = require("default-value");
// I'm so, so sorry... // I'm so, so sorry...
let lineRegex = /\s+at\s+(?:(?:((?:[^\[\n])+)\[as ([^\]]+)\] |((?:[^\(\n])+))\(([^\)\n]+)\)|([^\n]+))(?:\n|$)/gm; let lineRegex = /\s+at\s+(?:(?:((?:[^\[\n])+)\[as ([^\]]+)\] |((?:[^\(\n])+))\(([^\)\n]+)\)|([^\n]+))(?:\n|$)/gm;
let geckoLineRegex = /^([^@\n]*)@(.+)/gm; let geckoLineRegex = /^([^@\n]*)@(.+)/gm;
let positionRegex = /(.+):(\d+):(\d+)/; let numberRegex = /^\d+$/;
function maybeTrim(value) { function maybeTrim(value) {
if (value != null) { if (value != null) {
@ -24,17 +24,35 @@ function maybeTrim(value) {
} }
} }
function isLocation(locationString) {
return (locationString.split(":").length > 2);
}
function splitLocation(locationString) {
let parts = locationString.split(":");
if (parts.length > 2) {
let pathPartCount = parts.length - 2;
return [
parts.slice(0, pathPartCount).join(":"),
parts[pathPartCount],
parts[pathPartCount + 1],
];
}
}
function parseLocation(locationString) { function parseLocation(locationString) {
if (locationString === "<anonymous>") { if (locationString === "<anonymous>") {
return { anonymous: true }; return { anonymous: true };
} else { } else {
let match = positionRegex.exec(locationString); let parts = splitLocation(locationString);
if (match != null) { if (parts != null && numberRegex.test(parts[1]) && numberRegex.test(parts[2])) {
return { return {
path: match[1], path: parts[0],
line: parseInt(match[2]), line: parseInt(parts[1]),
column: parseInt(match[3]) column: parseInt(parts[2])
}; };
} else { } else {
throw new Error(`Could not parse location from string: ${locationString}`); throw new Error(`Could not parse location from string: ${locationString}`);
@ -91,7 +109,7 @@ module.exports = function parseStackTrace(error) {
let firstStackLine = lines let firstStackLine = lines
.map((line) => line.trim()) .map((line) => line.trim())
.findIndex((line) => positionRegex.test(line)); .findIndex((line) => isLocation(line));
if (firstStackLine !== -1) { if (firstStackLine !== -1) {
let cleanStack = lines let cleanStack = lines