From bc1849cc215bdb646398a19efa3105924aa8bd3c Mon Sep 17 00:00:00 2001
From: Marco 'Lubber' Wienkoop
Date: Wed, 30 Aug 2023 19:36:11 +0200
Subject: [PATCH] fix(api): create regexp alias to fix snyk redos false positive

This change fixes the false positive snyk warning about a possible Redos regex attack. Synk does not correctly detect the settings reference, because the related regexes themselves are safe (checked via devina.io/redos-checker)
---
 src/definitions/behaviors/api.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/definitions/behaviors/api.js b/src/definitions/behaviors/api.js
index ad69069cf4..11aa1ae2a6 100644
--- a/src/definitions/behaviors/api.js
+++ b/src/definitions/behaviors/api.js
@@ -58,6 +58,7 @@
 : $.extend({}, $.fn.api.settings),
 // internal aliases
+ regExp = settings.regExp,
 namespace = settings.namespace,
 metadata = settings.metadata,
 selector = settings.selector,
@@ -360,8 +361,8 @@
 optionalVariables
 ;
 if (url) {
- requiredVariables = url.match(settings.regExp.required);
- optionalVariables = url.match(settings.regExp.optional);
+ requiredVariables = url.match(regExp.required);
+ optionalVariables = url.match(regExp.optional);
 urlData = urlData || settings.urlData;
 if (requiredVariables) {
 module.debug('Looking for required URL variables', requiredVariables);
@@ -458,7 +459,7 @@
 });
 });
 $.each(formArray, function (i, el) {
- if (!settings.regExp.validate.test(el.name)) {
+ if (!regExp.validate.test(el.name)) {
 return;
 }
 var
@@ -469,7 +470,7 @@
 || (String(floatValue) === el.value ? floatValue : (el.value === 'false' ? false : el.value)),
- nameKeys = el.name.match(settings.regExp.key) || [],
+ nameKeys = el.name.match(regExp.key) || [],
 pushKey = el.name.replace(/\[]$/, '')
 ;
 if (!(pushKey in pushes)) {
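Review bot: The new `regExp` alias in the first hunk is bound once when this declaration block runs, so the `regExp.required`/`optional`/`validate`/`key`/`fixed`/`named` lookups in the later hunks no longer read `settings.regExp` at call time; if the module lets callers replace `settings.regExp` after initialisation (not visible in this patch), those lookups would keep the stale object. That matches the neighbouring `namespace`/`metadata`/`selector` aliases, but it is a behaviour difference the commit message does not mention, and the alias only changes what the scanner can resolve — the patterns still come from whatever `settings` was built from, so the ReDoS property remains a property of the configured patterns and of the `url` and form-field `el.name` values they run against. I would record the intent at the alias so a later cleanup does not fold it back into `settings.regExp.*`: `regExp = settings.regExp, // snapshot of the configured patterns; see commit message re scanner false positive`. The enclosing declaration block begins before this hunk.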
@@ -489,9 +490,9 @@
 if (k === '' && !Array.isArray(value)) { // foo[]
 value = build([], pushes[pushKey]++, value);
- } else if (settings.regExp.fixed.test(k)) { // foo[n]
+ } else if (regExp.fixed.test(k)) { // foo[n]
 value = build([], k, value);
- } else if (settings.regExp.named.test(k)) { // foo; foo[bar]
+ } else if (regExp.named.test(k)) { // foo; foo[bar]
 value = build({}, k, value);
 }
 }