Skip to content

Commit

Permalink
fix(): Fix security issue on regular expression
Browse files Browse the repository at this point in the history
  • Loading branch information
Alexandre Amalric committed Nov 29, 2023
1 parent 795a12e commit 34a2049
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
1 change: 1 addition & 0 deletions packages/cmf/__tests__/settings.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ describe('settings', () => {
describe('withoutHOC', () => {
it('should remove all HOC prefix', () => {
expect(withoutHOC('Connect(CMF(Container(MyComponent)))')).toBe('MyComponent');
expect(withoutHOC('Connect(CMF(Container(Comp_+*[]~-=@{})))')).toBe('Comp_+*[]~-=@{}');
});
});
});
5 changes: 3 additions & 2 deletions packages/cmf/src/settings.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,12 @@ export function generateDefaultViewId(viewId, componentName, componentId) {

/**
* Extract component name without HOC
* @param {String} viewId Connect(CMF(Container(MyComponent)))
* @param {String} componentName Connect(CMF(Container(MyComponent)))
* @return {String} MyComponent
*/
export function withoutHOC(componentName) {
return componentName.match(/.*\((.*?)\)/)[1];
const regExp = /([^()]+)\)(?=\))/;
return componentName.match(regExp)[1];

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings with many repetitions of '''.
}

/**
Expand Down

0 comments on commit 34a2049

Please sign in to comment.