security: new url regex disallow ReDos
evdama committed Mar 21, 2022
1 parent 74b0144 commit d60d34f
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 1 addition & 1 deletion is-it-check.js
Expand Up @@ -292,7 +292,7 @@
socialSecurityNumber: /^(?!000|666)[0-8][0-9]{2}-?(?!00)[0-9]{2}-?(?!0000)[0-9]{4}$/,
timeString: /^(2[0-3]|[01]?[0-9]):([0-5]?[0-9]):([0-5]?[0-9])$/,
ukPostCode: /^[A-Z]{1,2}[0-9RCHNQ][0-9A-Z]?\s?[0-9][ABD-HJLNP-UW-Z]{2}$|^[A-Z]{2}-?[0-9]{4}$/,
url: /^(?:(?:https?|ftp):\/\/)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})))(?::\d{2,5})?(?:\/\S*)?$/i,
url: /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)/i,
usZipCode: /^[0-9]{5}(?:-[0-9]{4})?$/
}
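Review bot: The shorter `url` pattern (the added line, judging by the commit title) has no `^`/`$` anchors, unlike every other pattern visible in this hunk, so if `is.url` applies it with `test()` (that function is outside the hunk) any string that merely contains an http(s) URL would validate, including values with leading or trailing text. Anchoring it keeps every quantifier bounded and should not bring the backtracking problem back: `url: /^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)$/i,`. The replacement also changes what is accepted: the scheme is now mandatory, `ftp` and non-ASCII hostnames no longer match, and the longer pattern's rejection of private and loopback IPv4 ranges is gone, so callers that relied on that rejection need their own check. A comment above the entry such as `// bounded quantifiers only, to keep matching time predictable on untrusted input` would record why the pattern was replaced.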

3 changes: 3 additions & 0 deletions test/test.js
Expand Up @@ -463,6 +463,9 @@
it('should return true if given value is url', () => {
expect(is.url('http://www.test.com')).to.be.true
})
it('should return true if given value is url', () => {
expect(is.url('https://github.com/evdama/is-it-check/commit/74b01444421525d636dabb47d4e72b23fd58a152')).to.be.true
})
it('should return false if given value is not url', () => {
expect(is.url(1)).to.be.false
})
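Review bot: The added case reuses the title `should return true if given value is url` of the case just above it, and nothing in this hunk exercises what the commit is about. Give it a distinct title, e.g. `it('should return true if given value is an https url with a path', () => {`, and add a negative case for a string that only contains a URL, e.g. `expect(is.url('see http://www.test.com for details')).to.be.false`. A case that runs `is.url` on a long non-matching input and asserts that it returns promptly would guard against a backtracking regression.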