File: vuln-regex.js

node-marked 0.8.0%2Bds%2Brepack-2
const regexp = require('../src/rules.js');
const vulnRegexDetector = require('vuln-regex-detector');

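// One entry per queued pattern check. Each entry is the promise returned by
// testRegexp(), and the exit-code logic at the bottom of the script reads them.
const promises = [];

/**
 * Recursively walks a rules value and queues a detector check for every
 * pattern it finds.
 *
 * - A string is treated as regex source and checked as-is.
 * - A RegExp (or any object exposing `exec`) is checked through its `source`;
 *   such an object without a `source` is skipped.
 * - Any other object is descended into, extending `name` with a dotted path
 *   so that log lines identify the exact rule.
 *
 * @param {string} name - Dotted path of `obj` inside the rules tree ('' at the root).
 * @param {*} obj - Value to inspect.
 * @returns {void} Results are appended to the module-level `promises` array.
 */
function findRegexps(name, obj) {
  // null/undefined hold no pattern; without this guard `obj.exec` below would
  // throw and abort the whole scan on the first empty entry.
  if (obj == null) {
    return;
  }

  if (typeof obj === 'string') {
    promises.push(testRegexp(name, obj));
  } else if (obj instanceof RegExp || obj.exec) {
    // The branches are mutually exclusive; the original was missing this `else`.
    if (obj.source) {
      promises.push(testRegexp(name, obj.source));
    }
  } else if (typeof obj === 'object') {
    // for...in is kept on purpose: it also visits inherited enumerable
    // properties, so patterns reachable through a prototype are not skipped.
    for (const prop in obj) {
      findRegexps(name + (name ? '.' : '') + prop, obj[prop]);
    }
  }
}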

/**
 * Submits one regex source string to vuln-regex-detector and logs the verdict.
 *
 * The check is fail-closed: only an explicit `responses.safe` verdict yields
 * `true`. A `vulnerable` verdict, any other verdict, and any thrown error all
 * yield `false`, so an inconclusive answer is never counted as a pass.
 *
 * NOTE(review): confirm how vulnRegexDetector.test() obtains its verdict
 * (local analysis vs. a remote query) before running this where the patterns
 * or network access are sensitive.
 *
 * @param {string} name - Label used in log output (dotted rule path).
 * @param {string} source - Regex source text to check.
 * @returns {Promise<boolean>} `true` only when the detector reports the pattern safe.
 */
async function testRegexp(name, source) {
  let isSafe = false;

  try {
    const verdict = await vulnRegexDetector.test(source);
    const { safe, vulnerable } = vulnRegexDetector.responses;

    switch (verdict) {
      case safe:
        console.log(`${name} is safe`);
        isSafe = true;
        break;
      case vulnerable:
        console.error(`${name} is vulnerable`);
        break;
      default:
        // Any verdict other than safe/vulnerable is reported and treated as a failure.
        console.error(`${name} might be vulnerable: ` + verdict.toString());
    }
  } catch (ex) {
    // Detector errors are logged and counted as "not safe" rather than propagated.
    console.error(`${name} failed with error: ` + ex.toString());
  }

  return isSafe;
}

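// Queue a detector check for every pattern reachable from ../src/rules.js.
findRegexps('', regexp);
// Known-bad canary (nested quantifier). Uncomment to confirm that the detector
// flags it and that the run exits non-zero.
// promises.push(testRegexp('a', /(a+)+$/.source));
Promise.allSettled(promises).then(results => {
  // `every` is vacuously true on an empty array, so a run that found no
  // patterns would otherwise exit 0. Report it and fail instead.
  if (results.length === 0) {
    console.error('no regular expressions were found to test');
  }
  // Exit 0 only when every queued check fulfilled with an explicit `true`;
  // a rejected promise has no `value` and therefore counts as a failure.
  const allSafe = results.length > 0
    && results.every(r => r.status === 'fulfilled' && r.value === true);
  process.exit(allSafe ? 0 : 1);
});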