fix(jsdoc-tag): prevent ReDOS

Verified with https://github.com/NicolaasWeideman/RegexStaticAnalysis.
Jeff Williams 2023-12-21 13:49:36 -08:00
parent 5ea2201438
commit 959dc4f296
No known key found for this signature in database


@ -27,7 +27,7 @@ import { extractInlineTag } from './inline.js';
const MEMIZE_OPTS = { maxSize: 500 };
const NAME_AND_DEFAULT_VALUE_REGEXP = /^(.+?)\s*=\s*(.+)$/;
const NAME_AND_TYPE_REGEXP = /^(\[)?\s*(.+?)\s*(\])?$/;
const OPTIONAL_REGEXP = /^(\[)(.+?)(\])$/;
const TYPES = catharsis.Types;
/**
@ -173,23 +173,24 @@ const getTagInfo = memoize(_getTagInfo);
* @return {module:@jsdoc/tag.type.TagInfo} Updated information from the tag.
*/
function parseName(tagInfo) {
// like '[foo]' or '[ foo ]' or '[foo=bar]' or '[ foo=bar ]' or '[ foo = bar ]'
// or 'foo=bar' or 'foo = bar'
let match = tagInfo.name.match(NAME_AND_TYPE_REGEXP);
// Like '[foo]' or '[ foo ]' or '[foo=bar]' or '[ foo=bar ]' or '[ foo = bar ]'
let match = tagInfo.name.match(OPTIONAL_REGEXP);
if (match) {
tagInfo.name = match[2];
// were the "optional" brackets present?
// Were the optional brackets present?
if (match[1] && match[3]) {
tagInfo.optional = true;
}
}
// like 'foo=bar' or 'foo = bar'
match = tagInfo.name.match(NAME_AND_DEFAULT_VALUE_REGEXP);
if (match) {
tagInfo.name = match[1];
tagInfo.defaultvalue = cast(match[2]);
}
tagInfo.name = tagInfo.name.trim();
// Like 'foo=bar' or 'foo = bar'
match = tagInfo.name.match(NAME_AND_DEFAULT_VALUE_REGEXP);
if (match) {
tagInfo.name = match[1];
tagInfo.defaultvalue = cast(match[2]);
}
return tagInfo;
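Review bot: `NAME_AND_DEFAULT_VALUE_REGEXP` (`/^(.+?)\s*=\s*(.+)$/`), still applied to `tagInfo.name` right after the new `trim()`, keeps the same kind of overlap this commit removes from `NAME_AND_TYPE_REGEXP`. The lazy `.+?` and the `\s*` that follows can both consume whitespace, so in a backtracking engine the match time can grow quadratically with the length of a whitespace run inside the name. Splitting on the first `=` with `indexOf` and trimming both halves, as sketched below, avoids the regex; it should agree with the regex for single-line names, but names containing line breaks need checking because `.` does not match them. Separately, `OPTIONAL_REGEXP` makes both brackets mandatory, so `if (match[1] && match[3])` is always true inside the match branch and could become a plain `tagInfo.optional = true;`. parseName's closing brace lies outside the hunk.

```javascript
// … unchanged: OPTIONAL_REGEXP match and trim() …
// Like 'foo=bar' or 'foo = bar'
const eq = tagInfo.name.indexOf('=');
if (eq > 0) {
  const defaultValue = tagInfo.name.slice(eq + 1).trim();
  if (defaultValue) {
    tagInfo.name = tagInfo.name.slice(0, eq).trim();
    tagInfo.defaultvalue = cast(defaultValue);
  }
}
```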