From c508840d1ddd45dbfa2ec255e0a5ce05764cd345 Mon Sep 17 00:00:00 2001
From: Alexandre Amalric <119614409+aamalric-talend@users.noreply.github.com>
Date: Wed, 29 Nov 2023 14:44:11 +0100
Subject: [PATCH] fix(): Fix security issue on regular expression (#5019)
---
 .changeset/nice-schools-cry.md | 5 +++++
 packages/cmf/__tests__/settings.test.js | 1 +
 packages/cmf/src/settings.js | 5 +++--
 3 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/nice-schools-cry.md
diff --git a/.changeset/nice-schools-cry.md b/.changeset/nice-schools-cry.md
new file mode 100644
index 00000000000..8a83d97ae24
--- /dev/null
+++ b/.changeset/nice-schools-cry.md
@@ -0,0 +1,5 @@
+---
+'@talend/react-cmf': minor
+---
+
+fix(): Fix security issue on regular expression
diff --git a/packages/cmf/__tests__/settings.test.js b/packages/cmf/__tests__/settings.test.js
index 129db6434bc..a2180cb3ebe 100644
--- a/packages/cmf/__tests__/settings.test.js
+++ b/packages/cmf/__tests__/settings.test.js
@@ -111,6 +111,7 @@ describe('settings', () => {
 describe('withoutHOC', () => {
 it('should remove all HOC prefix', () => {
 expect(withoutHOC('Connect(CMF(Container(MyComponent)))')).toBe('MyComponent');
+ expect(withoutHOC('Connect(CMF(Container(Comp_+*[]~-=@{})))')).toBe('Comp_+*[]~-=@{}');
 });
 });
 });
diff --git a/packages/cmf/src/settings.js b/packages/cmf/src/settings.js
index d9fe6171b9d..b44083b1859 100644
--- a/packages/cmf/src/settings.js
+++ b/packages/cmf/src/settings.js
@@ -27,11 +27,12 @@ export function generateDefaultViewId(viewId, componentName, componentId) {
 /**
 * Extract component name without HOC
- * @param {String} viewId Connect(CMF(Container(MyComponent)))
+ * @param {String} componentName Connect(CMF(Container(MyComponent)))
 * @return {String} MyComponent
 */
 export function withoutHOC(componentName) {
- return componentName.match(/.*\((.*?)\)/)[1];
+ const parts = componentName.split('(');
+ return parts[parts.length - 1].replaceAll(')', '');
 }
 /**
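Review bot: The assertion added to `should remove all HOC prefix` covers special characters only, so the two inputs whose result changes with the rewrite of `withoutHOC` in `packages/cmf/src/settings.js` stay unpinned. A name with no wrapper used to throw, because `match()` returned null before `[1]` was read, and is now returned unchanged. Text after the closing parenthesis used to be dropped and is now kept. I would add `expect(withoutHOC('MyComponent')).toBe('MyComponent');` and `expect(withoutHOC('Connect(Foo)Bar')).toBe('FooBar');` (constructed inputs) so the new contract is explicit. The enclosing `describe` blocks start and end outside the hunk.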
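Review bot: Nothing in the new body of `withoutHOC` records why a regular expression is avoided, so a later cleanup could restore the one-line `match()` and reintroduce the issue this commit fixes. A comment above `const parts = componentName.split('(');` would keep the reason next to the code, for example `// No regex on purpose: the previous pattern presumably backtracked heavily on long names; split/replaceAll run in linear time.` The JSDoc could also state that a name without any wrapper is returned unchanged, and that a non-string `componentName` still throws at `.split`. `String.prototype.replaceAll` is ES2021, so confirm that the package's build targets or polyfills cover it; `parts[parts.length - 1].split(')').join('')` gives the same result without that requirement.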