Commitf1253b4

authored

Add backtrack protection to 6.x (#324)

1 parent28a5b27 commitf1253b4Copy full SHA for f1253b4

File tree

5 files changed

+184

-55

lines changed

5 files changed

+184

-55

lines changed

`‎package-lock.json‎`

Lines changed: 102 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎package.json‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@`
`36`	`36`	`"@types/node":"^20.4.9",`
`37`	`37`	`"@types/semver":"^7.3.1",`
`38`	`38`	`"@vitest/coverage-v8":"^1.4.0",`
	`39`	`+"recheck":"^4.4.5",`
`39`	`40`	`"semver":"^7.3.5",`
`40`	`41`	`"size-limit":"^11.1.2",`
`41`	`42`	`"typescript":"^5.1.6"`
`@@ -46,7 +47,7 @@`
`46`	`47`	`"size-limit": [`
`47`	`48`	`{`
`48`	`49`	`"path":"dist.es2015/index.js",`
`49`		`-"limit":"2 kB"`
	`50`	`+"limit":"2.1 kB"`
`50`	`51`	`}`
`51`	`52`	`],`
`52`	`53`	`"ts-scripts": {`

`‎redos.ts‎`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,21 @@`
	`1`	`+import{checkSync}from"recheck";`
	`2`	`+import{pathToRegexp}from"./src/index.js";`
	`3`	`+`
	`4`	`+letsafe=0;`
	`5`	`+letfail=0;`
	`6`	`+`
	`7`	`+consttests=["/:x{/foobar/:y}?-:z"];`
	`8`	`+`
	`9`	`+for(constpathoftests){`
	`10`	`+constregexp=pathToRegexp(path);`
	`11`	`+constresult=checkSync(regexp.source,regexp.flags);`
	`12`	`+if(result.status==="safe"){`
	`13`	`+safe++;`
	`14`	`+console.log("Safe:",path,String(regexp));`
	`15`	`+}else{`
	`16`	`+fail++;`
	`17`	`+console.log("Fail:",path,String(regexp));`
	`18`	`+}`
	`19`	`+}`
	`20`	`+`
	`21`	`+console.log("Safe:",safe,"Fail:",fail);`

`‎src/index.spec.ts‎`

Lines changed: 32 additions & 47 deletions

Original file line number	Diff line number	Diff line change
`@@ -1353,7 +1353,7 @@ const TESTS: Test[] = [`
`1353`	`1353`	`prefix:".",`
`1354`	`1354`	`suffix:"",`
`1355`	`1355`	`modifier:"+",`
`1356`		`-pattern:"[^\\/#\\?]+?",`
	`1356`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`1357`	`1357`	`},`
`1358`	`1358`	`],`
`1359`	`1359`	`[`
`@@ -1397,7 +1397,7 @@ const TESTS: Test[] = [`
`1397`	`1397`	`prefix:".",`
`1398`	`1398`	`suffix:"",`
`1399`	`1399`	`modifier:"",`
`1400`		`-pattern:"[^\\/#\\?]+?",`
	`1400`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`1401`	`1401`	`},`
`1402`	`1402`	`".",`
`1403`	`1403`	`],`
`@@ -1430,13 +1430,13 @@ const TESTS: Test[] = [`
`1430`	`1430`	`prefix:".",`
`1431`	`1431`	`suffix:"",`
`1432`	`1432`	`modifier:"",`
`1433`		`-pattern:"[^\\/#\\?]+?",`
	`1433`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`1434`	`1434`	`},`
`1435`	`1435`	`],`
`1436`	`1436`	`[`
`1437`	`1437`	`["/route.html",["/route.html","route","html"]],`
`1438`	`1438`	`["/route",null],`
`1439`		`-["/route.html.json",["/route.html.json","route","html.json"]],`
	`1439`	`+["/route.html.json",["/route.html.json","route.html","json"]],`
`1440`	`1440`	`],`
`1441`	`1441`	`[`
`1442`	`1442`	`[{},null],`
`@@ -1459,13 +1459,13 @@ const TESTS: Test[] = [`
`1459`	`1459`	`prefix:".",`
`1460`	`1460`	`suffix:"",`
`1461`	`1461`	`modifier:"?",`
`1462`		`-pattern:"[^\\/#\\?]+?",`
	`1462`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`1463`	`1463`	`},`
`1464`	`1464`	`],`
`1465`	`1465`	`[`
`1466`	`1466`	`["/route",["/route","route",undefined]],`
`1467`	`1467`	`["/route.json",["/route.json","route","json"]],`
`1468`		`-["/route.json.html",["/route.json.html","route","json.html"]],`
	`1468`	`+["/route.json.html",["/route.json.html","route.json","html"]],`
`1469`	`1469`	`],`
`1470`	`1470`	`[`
`1471`	`1471`	`[{test:"route"},"/route"],`
`@@ -1491,13 +1491,13 @@ const TESTS: Test[] = [`
`1491`	`1491`	`prefix:".",`
`1492`	`1492`	`suffix:"",`
`1493`	`1493`	`modifier:"?",`
`1494`		`-pattern:"[^\\/#\\?]+?",`
	`1494`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`1495`	`1495`	`},`
`1496`	`1496`	`],`
`1497`	`1497`	`[`
`1498`	`1498`	`["/route",["/route","route",undefined]],`
`1499`	`1499`	`["/route.json",["/route.json","route","json"]],`
`1500`		`-["/route.json.html",["/route.json.html","route","json.html"]],`
	`1500`	`+["/route.json.html",["/route.json.html","route.json","html"]],`
`1501`	`1501`	`],`
`1502`	`1502`	`[`
`1503`	`1503`	`[{test:"route"},"/route"],`
`@@ -2084,7 +2084,7 @@ const TESTS: Test[] = [`
`2084`	`2084`	`prefix:"",`
`2085`	`2085`	`suffix:"",`
`2086`	`2086`	`modifier:"?",`
`2087`		`-pattern:"[^\\/#\\?]+?",`
	`2087`	`+pattern:"(?:(?!\\()[^\\/#\\?])+?",`
`2088`	`2088`	`},`
`2089`	`2089`	`")",`
`2090`	`2090`	`],`
`@@ -2290,7 +2290,7 @@ const TESTS: Test[] = [`
`2290`	`2290`	`prefix:".",`
`2291`	`2291`	`suffix:"",`
`2292`	`2292`	`modifier:"",`
`2293`		`-pattern:"[^\\/#\\?]+?",`
	`2293`	`+pattern:"(?:(?!\\.)[^\\/#\\?])+?",`
`2294`	`2294`	`},`
`2295`	`2295`	`],`
`2296`	`2296`	`[`
`@@ -2356,14 +2356,14 @@ const TESTS: Test[] = [`
`2356`	`2356`	`[`
`2357`	`2357`	`{`
`2358`	`2358`	`name:"foo",`
`2359`		`-pattern:"[^\\/#\\?]+?",`
	`2359`	`+pattern:"(?:(?!\\$)[^\\/#\\?])+?",`
`2360`	`2360`	`prefix:"$",`
`2361`	`2361`	`suffix:"",`
`2362`	`2362`	`modifier:"",`
`2363`	`2363`	`},`
`2364`	`2364`	`{`
`2365`	`2365`	`name:"bar",`
`2366`		`-pattern:"[^\\/#\\?]+?",`
	`2366`	`+pattern:"(?:(?!\\$)[^\\/#\\?])+?",`
`2367`	`2367`	`prefix:"$",`
`2368`	`2368`	`suffix:"",`
`2369`	`2369`	`modifier:"?",`
`@@ -2392,14 +2392,14 @@ const TESTS: Test[] = [`
`2392`	`2392`	`},`
`2393`	`2393`	`{`
`2394`	`2394`	`name:"attr2",`
`2395`		`-pattern:"[^\\/#\\?]+?",`
	`2395`	`+pattern:"(?:(?!-)[^\\/#\\?])+?",`
`2396`	`2396`	`prefix:"-",`
`2397`	`2397`	`suffix:"",`
`2398`	`2398`	`modifier:"?",`
`2399`	`2399`	`},`
`2400`	`2400`	`{`
`2401`	`2401`	`name:"attr3",`
`2402`		`-pattern:"[^\\/#\\?]+?",`
	`2402`	`+pattern:"(?:(?!-)[^\\/#\\?])+?",`
`2403`	`2403`	`prefix:"-",`
`2404`	`2404`	`suffix:"",`
`2405`	`2405`	`modifier:"?",`
`@@ -2597,39 +2597,6 @@ const TESTS: Test[] = [`
`2597`	`2597`	`[{foo:"#"},null],`
`2598`	`2598`	`],`
`2599`	`2599`	`],`
`2600`		`-/**`
`2601`		`- * https://github.com/pillarjs/path-to-regexp/issues/260`
`2602`		`- */`
`2603`		`-[`
`2604`		`-":name*",`
`2605`		`-undefined,`
`2606`		`-[`
`2607`		`-{`
`2608`		`-name:"name",`
`2609`		`-prefix:"",`
`2610`		`-suffix:"",`
`2611`		`-modifier:"*",`
`2612`		`-pattern:"[^\\/#\\?]+?",`
`2613`		`-},`
`2614`		`-],`
`2615`		`-[["foobar",["foobar","foobar"]]],`
`2616`		`-[[{name:"foobar"},"foobar"]],`
`2617`		`-],`
`2618`		`-[`
`2619`		`-":name+",`
`2620`		`-undefined,`
`2621`		`-[`
`2622`		`-{`
`2623`		`-name:"name",`
`2624`		`-prefix:"",`
`2625`		`-suffix:"",`
`2626`		`-modifier:"+",`
`2627`		`-pattern:"[^\\/#\\?]+?",`
`2628`		`-},`
`2629`		`-],`
`2630`		`-[["foobar",["foobar","foobar"]]],`
`2631`		`-[[{name:"foobar"},"foobar"]],`
`2632`		`-],`
`2633`	`2600`	`];`
`2634`	`2601`
`2635`	`2602`	`/**`
`@@ -2799,6 +2766,24 @@ describe("path-to-regexp", () => {`
`2799`	`2766`	`pathToRegexp.pathToRegexp("/foo?");`
`2800`	`2767`	`}).toThrow(newTypeError("Unexpected MODIFIER at 4, expected END"));`
`2801`	`2768`	`});`
	`2769`	`+`
	`2770`	`+it("should throw on parameters without text between them",()=>{`
	`2771`	`+expect(()=>{`
	`2772`	`+pathToRegexp.pathToRegexp("/:x:y");`
	`2773`	`+}).toThrow(`
	`2774`	`+newTypeError(`
	`2775`	+`Must have text between two parameters, missing text after "x"`,
	`2776`	`+),`
	`2777`	`+);`
	`2778`	`+});`
	`2779`	`+`
	`2780`	`+it("should throw on unrepeatable params",()=>{`
	`2781`	`+expect(()=>{`
	`2782`	`+pathToRegexp.pathToRegexp("/foo:x*");`
	`2783`	`+}).toThrow(`
	`2784`	+newTypeError(`Can not repeat "x" without a prefix and suffix`),
	`2785`	`+);`
	`2786`	`+});`
`2802`	`2787`	`});`
`2803`	`2788`
`2804`	`2789`	`describe("tokens",()=>{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitf1253b4

File tree

5 files changed

5 files changed

`‎package-lock.json‎`

`‎package.json‎`

`‎redos.ts‎`

`‎src/index.spec.ts‎`

0 commit comments