64 lines
1.6 KiB
Diff
64 lines
1.6 KiB
Diff
From 62287c7af3aabd73db9bd1057c4c6cfcb5f3f67b Mon Sep 17 00:00:00 2001
|
|
From: Takayuki Sato <sttk.xslet@gmail.com>
|
|
Date: Tue, 20 Jul 2021 14:46:33 +0900
|
|
Subject: [PATCH] deps(glob-parent): Resolve ReDoS vulnerability from
|
|
CVE-2021-35065 (#49)
|
|
|
|
Signed-off-by: rpm-build <rpm-build>
|
|
---
|
|
node_modules/glob-parent/index.js | 27 +++++++++++++++++++++++++--
|
|
1 file changed, 25 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/node_modules/glob-parent/index.js b/node_modules/glob-parent/index.js
|
|
index 09e257e..b182190 100644
|
|
--- a/node_modules/glob-parent/index.js
|
|
+++ b/node_modules/glob-parent/index.js
|
|
@@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
|
|
|
|
var slash = '/';
|
|
var backslash = /\\/g;
|
|
-var enclosure = /[\{\[].*[\}\]]$/;
|
|
var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
|
|
var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
|
|
|
|
@@ -25,7 +24,7 @@ module.exports = function globParent(str, opts) {
|
|
}
|
|
|
|
// special case for strings ending in enclosure containing path separator
|
|
- if (enclosure.test(str)) {
|
|
+ if (isEnclosure(str)) {
|
|
str += slash;
|
|
}
|
|
|
|
@@ -40,3 +39,27 @@ module.exports = function globParent(str, opts) {
|
|
// remove escape chars and return result
|
|
return str.replace(escaped, '$1');
|
|
};
|
|
+
|
|
+
|
|
+function isEnclosure(str) {
|
|
+ var lastChar = str.slice(-1)
|
|
+
|
|
+ var enclosureStart;
|
|
+ switch (lastChar) {
|
|
+ case '}':
|
|
+ enclosureStart = '{';
|
|
+ break;
|
|
+ case ']':
|
|
+ enclosureStart = '[';
|
|
+ break;
|
|
+ default:
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ var foundIndex = str.indexOf(enclosureStart);
|
|
+ if (foundIndex < 0) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ return str.slice(foundIndex + 1, -1).includes(slash);
|
|
+}
|
|
--
|
|
2.39.2
|
|
|