fix: limit overly permissive regex range #949

Merged
merged 2 commits into from
Nov 14, 2024

@barmac barmac commented Nov 12, 2024

Proposed Changes

This fragment of code deals with letters so it should not match additional characters.

Checklist

To ensure you provided everything we need to look at your PR:

  • Brief textual description of the changes present
  • Visual demo attached
  • Steps to try out present, i.e. using the @bpmn-io/sr tool
  • Related issue linked via Closes {LINK_TO_ISSUE} or Related to {LINK_TO_ISSUE}

This fragment of code deals with letters so it should not
match additional characters.
@bpmn-io-tasks bpmn-io-tasks bot added the in progress Currently worked on label Nov 12, 2024
barmac commented Nov 12, 2024

I'll check if it's not breaking bpmn-js, but should be safe to merge.

barmac added a commit to bpmn-io/bpmn-js that referenced this pull request Nov 13, 2024
barmac commented Nov 13, 2024

barmac commented Nov 13, 2024

I had to skip types test as they are apparently not generated for install from commit. This is the new run: https://github.com/bpmn-io/bpmn-js/actions/runs/11815660568

barmac commented Nov 13, 2024

A manual smoke test did not reveal any issues.

@barmac barmac marked this pull request as ready for review November 13, 2024 10:47
@bpmn-io-tasks bpmn-io-tasks bot added needs review Review pending and removed in progress Currently worked on labels Nov 13, 2024
@nikku nikku requested a review from misiekhardcore November 14, 2024 08:50
@nikku nikku left a comment

I propose we add a dedicated test case for this, i.e. verify our replace strategy. Not 100% sold on whether this is actually a bug worth fixing.

For this to ever be an issue we'd need to get elements from untrusted input.

barmac commented Nov 14, 2024

I'll add a test case for this util.

barmac commented Nov 14, 2024

Test cases added via 06db3c7

@barmac barmac requested a review from nikku November 14, 2024 12:26
@nikku nikku left a comment

Good one, thanks!

@barmac barmac merged commit a55b7f9 into main Nov 14, 2024
12 checks passed
@bpmn-io-tasks bpmn-io-tasks bot removed the needs review Review pending label Nov 14, 2024
@barmac barmac deleted the barmac-patch-1 branch November 14, 2024 13:16
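
The bug class named in the title, as an added example that is not code from this pull request or from the project: a check that finds character-class ranges whose endpoints are alphanumerics of different kinds and lists the non-letter characters such a range also matches. The thread does not show the pattern that was changed, so `[A-z]` is an assumed, constructed instance, and `kind` and `findPermissiveRanges` are hypothetical names.

```javascript
// Added example. The function names and sample patterns are constructed here;
// the pull request page does not show the pattern that was changed.

// Classify an ASCII code as 'upper', 'lower' or 'digit'; null for anything else.
function kind(code) {
  if (code >= 65 && code <= 90) return 'upper';
  if (code >= 97 && code <= 122) return 'lower';
  if (code >= 48 && code <= 57) return 'digit';
  return null;
}

// Scan a regex source string and report ranges inside [...] whose endpoints are
// alphanumerics of different kinds, with the unintended characters they cover.
function findPermissiveRanges(source) {
  const findings = [];
  let inClass = false;
  for (let i = 0; i < source.length; i++) {
    const ch = source[i];
    if (ch === '\\') { i++; continue; }              // skip escaped character
    if (!inClass) { inClass = ch === '['; continue; }
    if (ch === ']') { inClass = false; continue; }
    const end = source[i + 2];
    if (source[i + 1] !== '-' || end === undefined || end === ']' || end === '\\') continue;
    const lo = ch.charCodeAt(0), hi = end.charCodeAt(0);
    if (kind(lo) && kind(hi) && kind(lo) !== kind(hi) && lo < hi) {
      let extra = '';
      for (let c = lo; c <= hi; c++) {
        if (!kind(c)) extra += String.fromCharCode(c);
      }
      findings.push({ range: source.slice(i, i + 3), extra });
    }
    i += 2;                                          // consume the whole range
  }
  return findings;
}

// Constructed sample patterns: a permissive letter class and its strict form.
const permissive = /[A-z]+/;
const strict = /[A-Za-z]+/;

console.log(findPermissiveRanges(permissive.source)); // one finding for "A-z"
console.log(findPermissiveRanges(strict.source));     // no findings
console.log(permissive.test('_'), strict.test('_'));
```

The scanner only handles single-character range endpoints; escapes such as `\x41-\x7a` are skipped rather than interpreted.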