Fix: remove catastrophic backtracking vulnerability

Change template substitution regex to exclude fields with whitespace. This addresses possible O(n^2) catastrophic backtracking behavior. Very unlikely to be exploited. For eslint#10002.
davisjam · Feb 24, 2018 · 58ad0af · 58ad0af
1 parent 558ccba
commit 58ad0af
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/util/interpolate.js b/lib/util/interpolate.js
@@ -13,7 +13,11 @@ module.exports = (text, data) => {
     if (!data) {
         return text;
     }
-    return text.replace(/\{\{\s*([^{}]+?)\s*\}\}/g, (fullMatch, term) => {
+
+    // Substitution content for any {{ }} markers.
+    return text.replace(/\{\{([^{}]+?)\}\}/g, (fullMatch, termWithWhitespace) => {
+        const term = termWithWhitespace.trim();
+
         if (term in data) {
             return data[term];
         }