Adds strict mode, redos script, improved separator and delimiter
blakeembrey committed Jul 13, 2024
1 parent eaed1fc commit f73ec6c
Showing 7 changed files with 3,527 additions and 3,013 deletions.
7 changes: 4 additions & 3 deletions Readme.md
Expand Up @@ -32,12 +32,12 @@ The `pathToRegexp` function returns a regular expression with `keys` as a proper
- **path** A string.
- **options** _(optional)_
- **sensitive** Regexp will be case sensitive. (default: `false`)
- **trailing** Regexp allows an optional trailing delimiter to match. (default: `true`)
- **trailing** Allows optional trailing delimiter to match. (default: `true`)
- **end** Match to the end of the string. (default: `true`)
- **start** Match from the beginning of the string. (default: `true`)
- **loose** Allow the delimiter to be repeated an arbitrary number of times. (default: `true`)
- **loose** Allow the delimiter to be arbitrarily repeated, e.g. `/` or `///`. (default: `true`)
- **delimiter** The default delimiter for segments, e.g. `[^/]` for `:named` parameters. (default: `'/'`)
- **encodePath** A function to encode strings before inserting into `RegExp`. (default: `x => x`, recommended: [`encodeurl`](https://github.com/pillarjs/encodeurl))
- **encodePath** A function for encoding input strings. (default: `x => x`, recommended: [`encodeurl`](https://github.com/pillarjs/encodeurl) for unicode encoding)

```js
const regexp = pathToRegexp("/foo/:bar");
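Review bot: The options list in this hunk has no entry for `strict`, although scripts/redos.ts in this commit calls `pathToRegexp(path, { strict: true })` and the usage notes now tell readers to enable it. Unless it is documented in a part of the Readme not shown here, add a `**strict**` bullet stating its default and what kind of pattern it rejects. Separately, the reworded `encodePath` line ("A function for encoding input strings") drops the detail that the encoding happens before the string is inserted into the `RegExp`, which is what told readers it affects matching; consider keeping that clause.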
Expand Down Expand Up @@ -247,6 +247,7 @@ toPathRegexp({ id: "123" }); //=> "/user/123"
- If you are rewriting paths with match and compiler, consider using `encode: false` and `decode: false` to keep raw paths passed around.
- To ensure matches work on paths containing characters usually encoded, consider using [encodeurl](https://github.com/pillarjs/encodeurl) for `encodePath`.
- If matches are intended to be exact, you need to set `loose: false`, `trailing: false`, and `sensitive: true`.
- Enable `strict: true` to detect ReDOS issues.

### Parse

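Review bot: The added bullet "Enable `strict: true` to detect ReDOS issues" does not say how detection surfaces or what is being checked. scripts/redos.ts in this commit wraps the strict call in `try`/`catch`, which implies strict mode throws when the pattern is compiled; state that here so callers know to handle the exception and do not read it as a guard applied while matching. The conventional spelling is "ReDoS".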
116 changes: 109 additions & 7 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -34,8 +34,9 @@
"@types/node": "^20.4.9",
"@types/semver": "^7.3.1",
"@vitest/coverage-v8": "^1.4.0",
"recheck": "^4.4.5",
"size-limit": "^11.1.2",
"typescript": "^5.1.6"
"typescript": "^5.5.3"
},
"engines": {
"node": ">=16"
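Review bot: `recheck` is added to `devDependencies`, but the file header shows only 2 additions and 1 deletion in package.json, so no npm script invokes scripts/redos.ts and the check runs only when someone calls it by hand. Add a script entry and run it in CI so a regression in the generated regexes is caught. The `typescript` bump from `^5.1.6` to `^5.5.3` is unrelated to strict mode and would be easier to bisect as its own commit.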
36 changes: 36 additions & 0 deletions scripts/redos.ts
@@ -0,0 +1,36 @@
import { checkSync } from "recheck";
import { pathToRegexp } from "../src/index.js";

const TESTS = [
"/abc{abc:foo}?",
"/:foo{abc:foo}?",
"{:attr1}?{:attr2/}?",
"{:attr1/}?{:attr2/}?",
"{:foo.}?{:bar.}?",
"{:foo([^\\.]+).}?{:bar.}?",
":foo(a+):bar(b+)",
];

for (const path of TESTS) {
try {
const re = pathToRegexp(path, { strict: true });
const result = checkSync(re.source, re.flags);
if (result.status === "safe") {
console.log("Safe:", path, String(re));
} else {
console.log("Fail:", path, String(re));
}
} catch (err) {
try {
const re = pathToRegexp(path);
const result = checkSync(re.source, re.flags);
if (result.status === "safe") {
console.log("Invalid:", path, String(re));
} else {
console.log("Pass:", path, String(re));
}
} catch (err) {
console.log("Error:", path, err.message);
}
}
}
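Review bot: The loop only logs its verdicts, so the process exits 0 even when a line is reported as "Fail" (strict mode accepted a pattern that `checkSync` did not rate `"safe"`) or "Invalid" (strict mode rejected a pattern whose non-strict regex is safe). Set `process.exitCode = 1` on those two outcomes so the script can gate CI. In the fallback branch every status other than `"safe"` is logged as "Pass", so an inconclusive result from the checker would be counted as confirmation; test explicitly for the status that means vulnerable. The inner `catch (err)` also shadows the outer `err`, which is never used; drop the outer binding or log it.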