client/common: Disable regex security checks
Fixes #574
edg2s authored and jdforrester committed May 21, 2024
1 parent fd77d8b commit 0aa06ce
Showing 2 changed files with 10 additions and 2 deletions.
2 changes: 2 additions & 0 deletions client/common.json
@@ -11,6 +11,8 @@
"no-console": "error",
"no-implied-eval": "error",
"unicorn/no-invalid-remove-event-listener": "error",
"security/detect-non-literal-regexp": "off",
"security/detect-unsafe-regex": "off",
"security/detect-possible-timing-attacks": "off"
}
}
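Review bot: The two regex rules set to `"off"` in this section, `security/detect-non-literal-regexp` and `security/detect-unsafe-regex`, are disabled for every consumer of the client profile, and the only rationale visible on this page is the issue reference in the commit message. JSON cannot carry a comment, so the reason and the residual risk (patterns built from unescaped input, and patterns with nested quantifiers that can backtrack heavily) should be recorded where consumers will see it, for example in the changelog entry or the rule documentation for this profile. If the motivation is false-positive noise rather than the checks being irrelevant to client code, `"warn"` instead of `"off"` would keep the signal without failing builds; that is a call for the maintainers, since the discussion in #574 is not shown here.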
10 changes: 8 additions & 2 deletions test/fixtures/client/common/valid.js
@@ -1,4 +1,4 @@
( function () {
( function ( userInput ) {
function checkHash( input, cachedValue ) {
var hash = JSON.stringify( input );
// Off: security/detect-possible-timing-attacks (#503)
@@ -7,5 +7,11 @@
}
}

checkHash();
checkHash(
// Off: security/detect-non-literal-regexp
new RegExp( '/[0-9]+' + userInput + '/' ),
// Off: security/detect-unsafe-regex
/^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+\.)+([a-zA-Z0-9]{2,4})+$/
);

}() );
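Review bot: The two new `// Off:` comments inside the `checkHash(...)` call omit the issue reference that the existing timing-attack comment carries (`(#503)`), so the fixture does not say why these patterns are accepted. Following that convention they would read `// Off: security/detect-non-literal-regexp (#574)` and `// Off: security/detect-unsafe-regex (#574)`, taking the number from the commit message. Because this file sits under the valid fixtures, a short comment would also help, stating that `userInput` is concatenated into `new RegExp(...)` unescaped only to exercise the disabled rule and is not a recommended pattern. The body of `checkHash` and part of the IIFE lie outside the hunks shown.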
