1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
|
Description: Fix potential ReDoS
Author: Yeting Li <liyt@ios.ac.cn>
Origin: upstream, https://github.com/chalk/ansi-regex/commit/8d1d7cdb
Bug: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
Forwarded: not-needed
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2021-09-22
--- a/index.js
+++ b/index.js
@@ -2,7 +2,7 @@
module.exports = () => {
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
].join('|');
|