Integrate eslint-plugin-redos to Prevent ReDoS Vulnerabilities #3016
Background
In light of recent issues and pull requests, specifically Issue #2609 and PR #2824, there's a growing need to proactively prevent Regular Expression Denial of Service (ReDoS) vulnerabilities in our codebase.
Proposal
To address this, I propose the integration of eslint-plugin-redos into our development workflow. This plugin will help us identify potentially vulnerable regex patterns in our code, thereby preventing possible ReDoS attacks.
Implementation
The integration involves adding eslint-plugin-redos to our package.json and configuring it according to our project's coding standards. The official documentation for eslint-plugin-redos can be found here, which provides detailed instructions on how to use and configure the plugin effectively.
Expected Impact
By implementing this plugin, we can enhance the security and robustness of our application, ensuring that similar issues to those addressed in Issue #2609 and PR #2824 are mitigated before they arise. This proactive approach will not only improve our code quality but also align with best practices in software development.
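As an added illustration of the integration step described above (example configuration written for this page, not code from the pull request or from the eslint-plugin-redos project), this is the minimal ESLint configuration that turns the plugin's check on. It assumes the project uses ESLint's legacy `.eslintrc.js` format rather than the newer flat config, and that the plugin has first been added to `devDependencies` with `npm install --save-dev eslint-plugin-redos`. The rule name `redos/no-vulnerable` is the one documented in the plugin's README; verify it against the linked documentation for the plugin version you install.

```javascript
// .eslintrc.js (assumption: legacy eslintrc format, ESLint 8.x)
// Added example configuration; not the pull request's own code.
module.exports = {
  plugins: ["redos"],
  rules: {
    // Rule name per the eslint-plugin-redos README. It analyses regex
    // literals and string patterns passed to `new RegExp(...)` and reports
    // those whose backtracking can grow exponentially or polynomially on
    // crafted input (the classic shape is nested quantifiers such as
    // /(a+)+$/). Setting it to "error" makes a flagged pattern fail lint,
    // so CI stops the pattern before it reaches production.
    "redos/no-vulnerable": "error",
  },
};
```

With this in place, running `npx eslint .` in the existing CI lint step is enough to block new vulnerable patterns; if the plugin reports a pattern the team considers acceptable, prefer rewriting the regex (for example, by removing the nested quantifier) over disabling the rule inline, so the suppression does not silently outlive the reason for it.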