Fix: Handle all valid ST characters #58

llimllib · 2024-09-04T15:59:45Z

There is no OSC spec, but it appears that most emulators accept 0x1B 0x5C as an ST character, with 0x07 and 0x9C as alternatives with a bit less support.

This PR updates the regular expression to match all three of 0x1b 0x5C, 0x07, and 0x9C as an ST character, and updates the test file accordingly.

Choices I made, any of which I'm happy to change if you prefer:

I did not pull out the ST character part of the regular expression into a variable, though I would prefer that, because it didn't seem to match the style of the code that's already there
I did make the ST character into an array and loop over it in the tests, because that seemed the clearest. I can change it if you prefer
I did not add any comments with links to relevant documentation, because it seemed out of line with the style of the code

Closes #56

According to wiki, all of [0x1b5c, 0x07, 0x9C] are valid ST (string terminator) signals, so support them all.

llimllib · 2024-09-04T16:06:12Z

The tests have passed, but I think that tsd is failing on irrelevant things that I don't understand?

sindresorhus · 2024-09-09T11:23:59Z

I did not pull out the ST character part of the regular expression into a variable, though I would prefer that

Yeah, do that.

llimllib · 2024-09-09T13:12:44Z

done, and merged main too. Thanks for fixing that up

PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: James M Snell <jasnell@gmail.com>

PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: James M Snell <jasnell@gmail.com>

PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: James M Snell <jasnell@gmail.com>

PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: James M Snell <jasnell@gmail.com>

![snyk-top-banner](https://redirect.github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) <h3>Snyk has created this PR to upgrade ansi-regex from 6.0.1 to 6.1.0.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **1 version** ahead of your current version. - The recommended version was released **6 months ago**. <details> <summary>Release notes</summary> <details> <summary>Package name: ansi-regex</summary> <ul> <li> 6.1.0 - <a href="https://redirect.github.com/chalk/ansi-regex/releases/tag/v6.1.0">2024-09-09</a><ul> <li>Match cursorSave and cursorRestore escape codes (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1037673499" data-permission-text="Title is private" data-url="chalk/ansi-regex#45" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/45/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/45">#45</a>) <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/chalk/ansi-regex/commit/02fa893d619d3da85411acc8fd4e2eea0e95a9d9/hovercard" href="https://redirect.github.com/chalk/ansi-regex/commit/02fa893d619d3da85411acc8fd4e2eea0e95a9d9"><tt>02fa893</tt></a></li> <li>Fix: Handle all valid ST characters (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2505760732" data-permission-text="Title is private" data-url="chalk/ansi-regex#58" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/58/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/58">#58</a>) <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/chalk/ansi-regex/commit/9cba40dc3df00ee7316c01db4955d31ef7527012/hovercard" href="https://redirect.github.com/chalk/ansi-regex/commit/9cba40dc3df00ee7316c01db4955d31ef7527012"><tt>9cba40d</tt></a></li> </ul> <a class="commit-link" href="https://redirect.github.com/chalk/ansi-regex/compare/v6.0.1...v6.1.0"><tt>v6.0.1...v6.1.0</tt></a> </li> <li> 6.0.1 - <a href="https://redirect.github.com/chalk/ansi-regex/releases/tag/v6.0.1">2021-09-10</a><h3>Fixes</h3> <ul> <li>Fix <a href="https://en.wikipedia.org/wiki/ReDoS" rel="nofollow">ReDoS</a> in certain cases (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="992144440" data-permission-text="Title is private" data-url="chalk/ansi-regex#37" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/37/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/37">#37</a>) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.</li> </ul> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807" rel="nofollow">CVE-2021-3807</a> <a class="commit-link" href="https://redirect.github.com/chalk/ansi-regex/compare/v6.0.0...v6.0.1"><tt>v6.0.0...v6.0.1</tt></a> Thank you <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yetingli/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yetingli">@ yetingli</a> for the patch and reproduction case! </li> </ul> from <a href="https://redirect.github.com/chalk/ansi-regex/releases">ansi-regex GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2Yzg2ZmFlNi1kN2I5LTQyNmMtYWU3Yi03MzRhZmRmODZmYjAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjZjODZmYWU2LWQ3YjktNDI2Yy1hZTdiLTczNGFmZGY4NmZiMCJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a/settings/integration?pkg=ansi-regex&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"ansi-regex","from":"6.0.1","to":"6.1.0"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"6c86fae6-d7b9-426c-ae7b-734afdf86fb0","prPublicId":"6c86fae6-d7b9-426c-ae7b-734afdf86fb0","packageManager":"npm","priorityScoreList":[],"projectPublicId":"1a7ace33-7e4c-495f-8b89-dccaf4d6617a","projectUrl":"https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2024-09-09T13:57:56.873Z"},"vulns":[]}' Co-authored-by: snyk-bot <snyk-bot@snyk.io>

llimllib force-pushed the llimllib/fix-osc-st-characters branch from 90f687f to e96b184 Compare September 4, 2024 16:02

fix: handle all valid ST characters

2ae99de

According to wiki, all of [0x1b5c, 0x07, 0x9C] are valid ST (string terminator) signals, so support them all.

llimllib force-pushed the llimllib/fix-osc-st-characters branch from e96b184 to 2ae99de Compare September 4, 2024 16:04

llimllib added 2 commits September 9, 2024 09:07

fix: move ST into a variable

6a4f346

Merge branch 'main' into llimllib/fix-osc-st-characters

cba1f4b

sindresorhus merged commit 9cba40d into chalk:main Sep 9, 2024
2 checks passed

sindresorhus changed the title ~~fix: handle all valid ST characters~~ Fix: Handle all valid ST characters Sep 9, 2024

avivkeller mentioned this pull request Sep 9, 2024

util: update ansi regex nodejs/node#54865

Closed

PabloLec mentioned this pull request Oct 1, 2024

[Snyk] Upgrade ansi-regex from 6.0.1 to 6.1.0 PabloLec/neoss#257

Open

INexizI mentioned this pull request Oct 1, 2024

[Snyk] Upgrade ansi-regex from 6.0.1 to 6.1.0 INexizI/KR-DB#402

Merged

stormz310 approved these changes Oct 20, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix: Handle all valid ST characters #58

Fix: Handle all valid ST characters #58

llimllib commented Sep 4, 2024 •

edited

Loading

llimllib commented Sep 4, 2024

sindresorhus commented Sep 9, 2024

llimllib commented Sep 9, 2024

Fix: Handle all valid ST characters #58

Fix: Handle all valid ST characters #58

Conversation

llimllib commented Sep 4, 2024 • edited Loading

llimllib commented Sep 4, 2024

sindresorhus commented Sep 9, 2024

llimllib commented Sep 9, 2024

llimllib commented Sep 4, 2024 •

edited

Loading