fix: remove ReDoS regexp #504

Merged
merged 1 commit into from Sep 21, 2017

zhuangya
Contributor

  • split the line by '\n',
  • and trim each line (do we really need to trim each line?).
  • then join each line by ' '

I think this is the same as the original RegExp, correct me if wrong.

fix #501
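
An equivalence check for the three steps described above, as an added example that is not part of the original post or the project's code: it compares split/trim/join with a whitespace-collapsing regex on constructed inputs. `ASSUMED_REGEX`, the function names and the sample strings are assumptions; this page does not show the expression the PR removed.

```javascript
// Added example, not the project's code. ASSUMED_REGEX is a stand-in:
// the page does not show the expression that the PR removed.
const ASSUMED_REGEX = /\s*\n\s*/g;

// Regex approach: collapse each newline plus surrounding whitespace into one space.
function collapseWithRegex(text) {
  return text.replace(ASSUMED_REGEX, ' ');
}

// Approach described in the PR: split on '\n', trim each line, join with ' '.
// Each step is a single linear pass over the input, with no regex backtracking.
function collapseWithSplit(text) {
  return text
    .split('\n')
    .map((line) => line.trim())
    .join(' ');
}

// Constructed inputs, shaped like multi-line object dumps.
const SAMPLES = {
  typical: '{ a: 1,\n  b: { c: 2 },\n  d: [ 3, 4 ] }',
  crlf: 'first\r\n  second',
  edgeWhitespace: '  padded\n  value  ',
  blankLine: 'a\n\nb',
};

// Report, per sample, what each approach returns and whether they agree.
function compare(samples) {
  const report = {};
  for (const [name, text] of Object.entries(samples)) {
    const viaRegex = collapseWithRegex(text);
    const viaSplit = collapseWithSplit(text);
    report[name] = { viaRegex, viaSplit, same: viaRegex === viaSplit };
  }
  return report;
}

console.log(compare(SAMPLES));
```

Against this assumed regex the two approaches agree on the typical and CRLF samples, and differ where the input has leading or trailing whitespace or an empty line, because `trim()` also strips the outer edges and an empty line contributes its own separator.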

@coveralls

Coverage Status

Coverage increased (+2.1%) to 74.839% when pulling 42a6ae0 on zhuangya:redos into 47747f3 on visionmedia:master.

@TooTallNate TooTallNate merged commit c38a016 into debug-js:master Sep 21, 2017
@TooTallNate
Contributor

Thank you!

@dougwilson
Contributor

Can this be backported to the 2.x series?

TooTallNate pushed a commit that referenced this pull request Sep 22, 2017
@TooTallNate
Contributor

@dougwilson Sure thing: https://github.com/visionmedia/debug/releases/tag/2.6.9

Curious what's holding you back from upgrading though 😅

platinumazure added a commit to eslint/eslint that referenced this pull request Dec 18, 2017
This version of debug addresses a minor ReDoS issue. See debug-js/debug#501, debug-js/debug#504 for more information. Looking at the rest of the changelog, this should be a pretty low-risk upgrade.
aladdin-add pushed a commit to eslint/eslint that referenced this pull request Dec 19, 2017
This version of debug addresses a minor ReDoS issue. See debug-js/debug#501, debug-js/debug#504 for more information. Looking at the rest of the changelog, this should be a pretty low-risk upgrade.
@zhuangya zhuangya deleted the redos branch December 25, 2017 07:06
sodawy added a commit to sodawy/session that referenced this pull request Jan 6, 2018
stenalpjolly added a commit to stenalpjolly/express that referenced this pull request Aug 30, 2018
With reference to fix: remove ReDoS regexp (debug-js/debug#504)
Development

Successfully merging this pull request may close these issues.

Vulnerable Regular Expression