switch from vulnerable VALID_DOMAIN regex to is-valid-domain lib (#79)
James Zetlen authored May 3, 2022
1 parent fecd645 commit b076321
Showing 4 changed files with 35 additions and 11 deletions.
31 changes: 31 additions & 0 deletions package-lock.json


4 changes: 2 additions & 2 deletions package.json
@@ -45,13 +45,13 @@
"eol": "^0.9.1",
"get-port": "^3.2.0",
"glob": "^7.1.2",
"is-valid-domain": "^0.1.6",
"lodash": "^4.17.4",
"mkdirp": "^0.5.1",
"password-prompt": "^1.0.4",
"rimraf": "^2.6.2",
"sudo-prompt": "^8.2.0",
"tmp": "^0.0.33",
"tslib": "^1.10.0"
},
"optionalDependencies": {}
}
}
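Review bot: `is-valid-domain` is added with the caret range `^0.1.6`, and after this commit it is the only check on caller-supplied domain names in `src/index.ts`. If this package is consumed as a library, dependents do not use its `package-lock.json` and may resolve any later 0.1.x release, so a change in what the validator accepts would reach them without any change here. Consider pinning the exact version (`"is-valid-domain": "0.1.6"`), or covering the accepted and rejected inputs with tests that run against the resolved version.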
3 changes: 0 additions & 3 deletions src/constants.ts
@@ -6,9 +6,6 @@ import applicationConfigPath = require('application-config-path');
import eol from 'eol';
import {mktmp, numericHash} from './utils';

export const VALID_IP = /(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}/;
export const VALID_DOMAIN = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.?)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$/i;

// Platform shortcuts
export const isMac = process.platform === 'darwin';
export const isLinux = process.platform === 'linux';
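--- a/src/index.ts
+++ b/src/index.ts
@@ -11,13 +11,12 @@ import {
 domainsDir,
 rootCAKeyPath,
 rootCACertPath,
-VALID_DOMAIN,
-VALID_IP
 } from './constants';
 import currentPlatform from './platforms';
 import installCertificateAuthority, { ensureCACertReadable, uninstall } from './certificate-authority';
 import generateDomainCertificate from './certificates';
 import UI, { UserInterface } from './user-interface';
+import isValidDomain from 'is-valid-domain';
 export { uninstall };
 
 const debug = createDebug('devcert');
@@ -69,11 +68,8 @@ type IReturnData<O extends Options = {}> = (IDomainData) & (IReturnCa<O>) & (IRe
 */
 export async function certificateFor<O extends Options>(requestedDomains: string | string[], options: O = {} as O): Promise<IReturnData<O>> {
 const domains = Array.isArray(requestedDomains) ? requestedDomains : [requestedDomains];
-if (domains.some((d) => VALID_IP.test(d))) {
-throw new Error('IP addresses are not supported currently');
-}
 domains.forEach((domain) => {
-if (!VALID_DOMAIN.test(domain)) {
+if (!isValidDomain(domain, { subdomain: false, wildcard: false, allowUnicode: true, topLevel: false })) {
 throw new Error(`"${domain}" is not a valid domain name.`);
 }
 });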
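Review bot: The new `isValidDomain(...)` call in `certificateFor` passes `allowUnicode: true`, which by its name accepts a wider character set than the removed ASCII-only `VALID_DOMAIN` pattern, and the explicit `VALID_IP` rejection above it is dropped with no replacement. If `domain` is later used in file paths or command arguments (the rest of the function is outside this hunk), this call is now the only input barrier. Its accepted set should be pinned by tests covering IP literals, single-label names, subdomains and non-ASCII labels, since `subdomain: false` and `topLevel: false` may also reject names the old pattern allowed. Unless internationalised names are required, `allowUnicode: false` keeps the accepted set closest to the previous one. A comment above the check such as `// sole validation of caller-supplied names before certificate generation; keep these options strict` would record why the options matter.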
