Skip to content
This repository has been archived by the owner on Sep 6, 2021. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #120 from ready-research/master
Security fix for ReDoS
  • Loading branch information
NicolasCARPi committed Sep 3, 2021
2 parents 5869ff4 + 9fa822a commit 9760566
Show file tree
Hide file tree
Showing 12 changed files with 11 additions and 37 deletions.
4 changes: 1 addition & 3 deletions lib/parsers/api.js
@@ -1,7 +1,5 @@
var trim = require('../utils/trim');

function parse(content) {
content = trim(content);
content = content.trim();

// Search: type, url and title
// Example: {get} /user/:id Get User by ID.
Expand Down
3 changes: 1 addition & 2 deletions lib/parsers/api_define.js
@@ -1,4 +1,3 @@
var trim = require('../utils/trim');
var unindent = require('../utils/unindent');

var ParameterError = require('../errors/parameter_error');
Expand All @@ -15,7 +14,7 @@ var _messages = {
function parse(content, source, messages) {
messages = messages || _messages;

content = trim(content);
content = content.trim();

var parseRegExp = /^(\w*)(.*?)(?:\s+|$)(.*)$/gm;
var matches = parseRegExp.exec(content);
Expand Down
3 changes: 1 addition & 2 deletions lib/parsers/api_deprecated.js
@@ -1,8 +1,7 @@
var trim = require('../utils/trim');
var unindent = require('../utils/unindent');

function parse(content) {
var deprecated = trim(content);
var deprecated = content.trim();

if (deprecated.length > 0) {
return {
Expand Down
3 changes: 1 addition & 2 deletions lib/parsers/api_description.js
@@ -1,8 +1,7 @@
var trim = require('../utils/trim');
var unindent = require('../utils/unindent');

function parse(content) {
var description = trim(content);
var description = content.trim();

if (description.length === 0)
return null;
Expand Down
3 changes: 1 addition & 2 deletions lib/parsers/api_example.js
@@ -1,8 +1,7 @@
var trim = require('../utils/trim');
var unindent = require('../utils/unindent');

function parse(content, source) {
source = trim(source);
source = source.trim();

var title = '';
var text = '';
Expand Down
4 changes: 1 addition & 3 deletions lib/parsers/api_group.js
@@ -1,7 +1,5 @@
var trim = require('../utils/trim');

function parse(content) {
var group = trim(content);
var group = content.trim();

if (group.length === 0)
return null;
Expand Down
4 changes: 1 addition & 3 deletions lib/parsers/api_name.js
@@ -1,7 +1,5 @@
var trim = require('../utils/trim');

function parse(content) {
var name = trim(content);
var name = content.trim();

if(name.length === 0)
return null;
Expand Down
3 changes: 1 addition & 2 deletions lib/parsers/api_param.js
@@ -1,4 +1,3 @@
var trim = require('../utils/trim');
var unindent = require('../utils/unindent');

var group = '';
Expand Down Expand Up @@ -69,7 +68,7 @@ var allowedValuesWithQuoteRegExp = new RegExp(/\'[^\']*[^\']\'/g);
var allowedValuesRegExp = new RegExp(/[^,\s]+/g);

function parse(content, source, defaultGroup) {
content = trim(content);
content = content.trim();

// replace Linebreak with Unicode
content = content.replace(/\n/g, '\uffff');
Expand Down
4 changes: 1 addition & 3 deletions lib/parsers/api_sample_request.js
@@ -1,7 +1,5 @@
var trim = require('../utils/trim');

function parse(content) {
var url = trim(content);
var url = content.trim();

if(url.length === 0)
return null;
Expand Down
4 changes: 1 addition & 3 deletions lib/parsers/api_use.js
@@ -1,7 +1,5 @@
var trim = require('../utils/trim');

function parse(content) {
var name = trim(content);
var name = content.trim();

if (name.length === 0)
return null;
Expand Down
4 changes: 1 addition & 3 deletions lib/parsers/api_version.js
@@ -1,11 +1,9 @@
var semver = require('semver');

var trim = require('../utils/trim');

var ParameterError = require('../errors/parameter_error');

function parse(content) {
content = trim(content);
content = content.trim();

if (content.length === 0)
return null;
Expand Down
9 changes: 0 additions & 9 deletions lib/utils/trim.js

This file was deleted.

0 comments on commit 9760566

Please sign in to comment.