Skip to content

Commit

Permalink
fix: eliminate ReDoS
Browse files Browse the repository at this point in the history
This change fixes the regular expression denial of service
vulnerability.

This also fixes some incorrect tests that concealed a bug.

Fixes: gulpjs#32
Refs: https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
  • Loading branch information
Trott committed Mar 7, 2021
1 parent 6b6c5c2 commit 82fd0db
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ var isWin32 = require('os').platform() === 'win32';

var slash = '/';
var backslash = /\\/g;
var enclosure = /[{[].*[}\]]$/;
var enclosure = /[\{\[].*\/.*[\}\]]$/;
var globby = /(^|[^\\])([{[]|\([^)]+$)/;
var escaped = /\\([!*?|[\](){}])/g;

Expand Down
8 changes: 4 additions & 4 deletions test/index.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,10 @@ describe('glob-parent', function () {
'path/[foo bar]/subdir'
);
expect(gp('path/\\[bar]/')).toEqual('path/[bar]');
expect(gp('path/\\[bar]')).toEqual('path/[bar]');
expect(gp('path/\\[bar]')).toEqual('path');
expect(gp('[bar]')).toEqual('.');
expect(gp('[bar]/')).toEqual('.');
expect(gp('./\\[bar]')).toEqual('./[bar]');
expect(gp('./\\[bar]')).toEqual('.');
expect(gp('\\[bar]/')).toEqual('[bar]');
expect(gp('\\!dir/*')).toEqual('!dir');
expect(gp('[bar\\]/')).toEqual('.');
Expand All @@ -95,9 +95,9 @@ describe('glob-parent', function () {
expect(gp('foo-\\(bar\\).md')).toEqual('foo-');
} else {
expect(gp('foo-\\(bar\\).md')).toEqual('.');
expect(gp('\\[bar]')).toEqual('[bar]');
expect(gp('\\[bar]')).toEqual('.');
expect(gp('[bar\\]')).toEqual('.');
expect(gp('\\{foo,bar\\}')).toEqual('{foo,bar}');
expect(gp('\\{foo,bar\\}')).toEqual('.');
expect(gp('{foo,bar\\}')).toEqual('.');
}

Expand Down

0 comments on commit 82fd0db

Please sign in to comment.