
Commit 422c992

committed
fix security alerts
1 parent 316b392 commit 422c992


5 files changed

+2568
-2554
lines changed

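--- a/jest.config.js
+++ b/jest.config.js
@@ -2,6 +2,6 @@ const path = require('path')
 module.exports = {
 setupFilesAfterEnv: [path.join(__dirname, '/test/jest.setup.js')],
 moduleNameMapper: {
-'^axios$': 'axios/dist/node/axios.cjs'
+'^axios$': require.resolve('axios'),//'axios/dist/node/axios.cjs'
 }
 }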
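Review bot: The previous mapping target is left behind as a trailing comment on the new line (`require.resolve('axios'),//'axios/dist/node/axios.cjs'`) with nothing saying why it is kept. I would either delete it or replace it with a why-comment on its own line, for example `// resolve axios through Node's package resolution instead of a hard-coded dist path`. The file the mapper points at now depends on the installed axios version's entry point, so it is worth confirming the tests still load the CommonJS build.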

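--- a/parser/bnf.js
+++ b/parser/bnf.js
@@ -79,21 +79,35 @@ compiler._ParseScript = compiler.ParseScript
 compiler.ParseScript = function (script) {
 const qLiterals = []
 const aqLiterals = []
-const quotedStrings = script.replaceAll(/"([^"\\]|\\.)*"/g, (str) => {
-if (str.length < 512) {
-return str
+let _script = script
+let res = ''
+let qsMatch = _script.match(/^([^"]*)("([^"\\]|\\.)*")?/)
+while (qsMatch && qsMatch[0]) {
+let repl = qsMatch[2] || ''
+if (repl.length > 512) {
+qLiterals.push(repl)
+repl = `"QL_${qLiterals.length - 1}"`
 }
-qLiterals.push(str)
-return `"QL_${qLiterals.length - 1}"`
-})
-const aQuotedStrings = quotedStrings.replaceAll(/`([^`\\]|\\.)*`/g, (str) => {
-if (str.length < 512) {
-return str
+res = res + qsMatch[1] + repl
+_script = _script.slice(qsMatch[0].length)
+qsMatch = _script.match(/^([^"]*)("([^"\\]|\\.)*")?/)
+}
+
+_script = res
+res = ''
+qsMatch = _script.match(/^([^`]*)(`([^`\\]|\\.)*`)?/)
+while (qsMatch && qsMatch[0]) {
+let repl = qsMatch[2] || ''
+if (repl.length > 512) {
+aqLiterals.push(repl)
+repl = `\`AL_${qLiterals.length - 1}\``
 }
-aqLiterals.push(str)
-return `\`AL_${aqLiterals.length - 1}\``
-})
-const parsedScript = this._ParseScript(aQuotedStrings)
+res = res + qsMatch[1] + repl
+_script = _script.slice(qsMatch[0].length)
+qsMatch = _script.match(/^([^`]*)(`([^`\\]|\\.)*`)?/)
+}
+
+const parsedScript = this._ParseScript(res)
 if (!parsedScript) {
 return parsedScript
 }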
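Review bot: The backtick loop pushes the long literal onto `aqLiterals` but numbers its placeholder from the other array, `AL_${qLiterals.length - 1}`, so a script with no long double-quoted string gets `AL_-1` and any other script can point at the wrong slot; it should be `AL_${aqLiterals.length - 1}`, as in the removed code. Both loops also end at the first quote or backtick that has no closing partner, because the optional group fails and `qsMatch[0]` is empty, and the text from that character onward never reaches `res`. The removed `replaceAll` left such input untouched for the parser to judge, whereas the new code hands `_ParseScript` a silently shortened query; adding `res += _script` after each `while` would keep the tail. The code that maps placeholders back to literals is outside this hunk, so the exact downstream failure is inferred.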

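--- a/qryn_node.js
+++ b/qryn_node.js
@@ -124,7 +124,7 @@ let fastify = require('fastify')({
 done()
 }))
 await fastify.register(require('@fastify/compress'), {
-encodings: ['gzip'],
+encodings: ['gzip']/*,
 zlib: {
 createGzip: () => {
 const deflator = new pako.Deflate({ gzip: true })
@@ -152,7 +152,7 @@ let fastify = require('fastify')({
 }
 return res
 }
-}
+}*/
 })
 await fastify.register(require('@fastify/url-data'))
 await fastify.register(require('@fastify/websocket'))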
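Review bot: The custom `zlib.createGzip` override is switched off by wrapping it in a block comment (`encodings: ['gzip']/*,` in the first hunk, `}*/` in the second) instead of being deleted, which leaves dead code in the server bootstrap with no stated reason. I would remove the whole `zlib: { … }` option so the object ends at `encodings: ['gzip']`; version control keeps the old implementation. The lines between the two hunks are outside this view, so it is worth checking that nothing in the commented body contains `*/`. The `pako` require should also go if nothing else uses it.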

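--- a/test/__snapshots__/parser.test.js.snap
+++ b/test/__snapshots__/parser.test.js.snap
@@ -1,8 +1,8 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
 exports[`should compile regex 1`] = `
-"SCRIPT: abcd\\\\(
-SYNTAX: abcd\\\\(
+"SCRIPT: abcd\\(
+SYNTAX: abcd\\(
 literal: a
 letter: a
 literal: b
@@ -11,20 +11,20 @@ exports[`should compile regex 1`] = `
 letter: c
 literal: d
 letter: d
-literal: \\\\(
-quoted_brack: \\\\(
+literal: \\(
+quoted_brack: \\(
 "
 `;
 
 exports[`should compile regex 2`] = `
-"SCRIPT: (a\\\\(bc)
-SYNTAX: (a\\\\(bc)
-any_group: (a\\\\(bc)
-group_tail: a\\\\(bc
+"SCRIPT: (a\\(bc)
+SYNTAX: (a\\(bc)
+any_group: (a\\(bc)
+group_tail: a\\(bc
 literal: a
 letter: a
-literal: \\\\(
-quoted_brack: \\\\(
+literal: \\(
+quoted_brack: \\(
 literal: b
 letter: b
 literal: c
@@ -33,26 +33,26 @@ exports[`should compile regex 2`] = `
 `;
 
 exports[`should compile regex 3`] = `
-"SCRIPT: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
-SYNTAX: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
-any_group: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (?<label1>a[^\\[\\(\\)]bc)
+SYNTAX: (?<label1>a[^\\[\\(\\)]bc)
+any_group: (?<label1>a[^\\[\\(\\)]bc)
 group_name: ?<label1>
 label: label1
-group_tail: a[^\\\\[\\\\(\\\\)]bc
+group_tail: a[^\\[\\(\\)]bc
 literal: a
 letter: a
 literal: [
 letter: [
 literal: ^
 letter: ^
-literal: \\\\
-letter: \\\\
+literal: \\
+letter: \\
 literal: [
 letter: [
-literal: \\\\(
-quoted_brack: \\\\(
-literal: \\\\)
-quoted_brack: \\\\)
+literal: \\(
+quoted_brack: \\(
+literal: \\)
+quoted_brack: \\)
 literal: ]
 letter: ]
 literal: b
@@ -63,28 +63,28 @@ exports[`should compile regex 3`] = `
 `;
 
 exports[`should compile regex 4`] = `
-"SCRIPT: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
-SYNTAX: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
-any_group: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
-group_tail: a(?<label1>[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (a(?<label1>[^\\[\\(\\)]bc))
+SYNTAX: (a(?<label1>[^\\[\\(\\)]bc))
+any_group: (a(?<label1>[^\\[\\(\\)]bc))
+group_tail: a(?<label1>[^\\[\\(\\)]bc)
 literal: a
 letter: a
-any_group: (?<label1>[^\\\\[\\\\(\\\\)]bc)
+any_group: (?<label1>[^\\[\\(\\)]bc)
 group_name: ?<label1>
 label: label1
-group_tail: [^\\\\[\\\\(\\\\)]bc
+group_tail: [^\\[\\(\\)]bc
 literal: [
 letter: [
 literal: ^
 letter: ^
-literal: \\\\
-letter: \\\\
+literal: \\
+letter: \\
 literal: [
 letter: [
-literal: \\\\(
-quoted_brack: \\\\(
-literal: \\\\)
-quoted_brack: \\\\)
+literal: \\(
+quoted_brack: \\(
+literal: \\)
+quoted_brack: \\)
 literal: ]
 letter: ]
 literal: b
@@ -95,18 +95,18 @@ exports[`should compile regex 4`] = `
 `;
 
 exports[`should compile regex 5`] = `
-"SCRIPT: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
-SYNTAX: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
-any_group: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
-group_tail: a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+SYNTAX: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+any_group: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+group_tail: a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc)
 literal: a
 letter: a
 literal: [
 letter: [
-literal: \\\\(
-quoted_brack: \\\\(
-literal: \\\\)
-quoted_brack: \\\\)
+literal: \\(
+quoted_brack: \\(
+literal: \\)
+quoted_brack: \\)
 literal: ]
 letter: ]
 literal: +
@@ -117,22 +117,22 @@ exports[`should compile regex 5`] = `
 group_tail: b
 literal: b
 letter: b
-any_group: (?<label1>[^\\\\[\\\\(\\\\)]bc)
+any_group: (?<label1>[^\\[\\(\\)]bc)
 group_name: ?<label1>
 label: label1
-group_tail: [^\\\\[\\\\(\\\\)]bc
+group_tail: [^\\[\\(\\)]bc
 literal: [
 letter: [
 literal: ^
 letter: ^
-literal: \\\\
-letter: \\\\
+literal: \\
+letter: \\
 literal: [
 letter: [
-literal: \\\\(
-quoted_brack: \\\\(
-literal: \\\\)
-quoted_brack: \\\\)
+literal: \\(
+quoted_brack: \\(
+literal: \\)
+quoted_brack: \\)
 literal: ]
 letter: ]
 literal: b
@@ -142,71 +142,71 @@ exports[`should compile regex 5`] = `
 "
 `;
 
-exports[`should erase names 1`] = `"abcd\\\\("`;
+exports[`should erase names 1`] = `"abcd\\("`;
 
-exports[`should erase names 2`] = `"(a\\\\(bc)"`;
+exports[`should erase names 2`] = `"(a\\(bc)"`;
 
-exports[`should erase names 3`] = `"(a[^\\\\[\\\\(\\\\)]bc)"`;
+exports[`should erase names 3`] = `"(a[^\\[\\(\\)]bc)"`;
 
-exports[`should erase names 4`] = `"(a([^\\\\[\\\\(\\\\)]bc))"`;
+exports[`should erase names 4`] = `"(a([^\\[\\(\\)]bc))"`;
 
-exports[`should erase names 5`] = `"(a[\\\\(\\\\)]+(b)([^\\\\[\\\\(\\\\)]bc))"`;
+exports[`should erase names 5`] = `"(a[\\(\\)]+(b)([^\\[\\(\\)]bc))"`;
 
-exports[`should get named groups 1`] = `Array []`;
+exports[`should get named groups 1`] = `[]`;
 
 exports[`should get named groups 2`] = `
-Array [
-Object {
-"val": "a\\\\(bc",
+[
+{
+"val": "a\\(bc",
 },
 ]
 `;
 
 exports[`should get named groups 3`] = `
-Array [
-Object {
+[
+{
 "name": "label1",
-"val": "a[^\\\\[\\\\(\\\\)]bc",
+"val": "a[^\\[\\(\\)]bc",
 },
 ]
 `;
 
 exports[`should get named groups 4`] = `
-Array [
-Object {
-"val": "a(?<label1>[^\\\\[\\\\(\\\\)]bc)",
+[
+{
+"val": "a(?<label1>[^\\[\\(\\)]bc)",
 },
-Object {
+{
 "name": "label1",
-"val": "[^\\\\[\\\\(\\\\)]bc",
+"val": "[^\\[\\(\\)]bc",
 },
 ]
 `;
 
 exports[`should get named groups 5`] = `
-Array [
-Object {
-"val": "a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc)",
+[
+{
+"val": "a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc)",
 },
-Object {
+{
 "name": "l2",
 "val": "b",
 },
-Object {
+{
 "name": "label1",
-"val": "[^\\\\[\\\\(\\\\)]bc",
+"val": "[^\\[\\(\\)]bc",
 },
 ]
 `;
 
 exports[`should process regex 1`] = `
-Object {
-"labels": Array [
-Object {
+{
+"labels": [
+{
 "name": "helper",
 "val": "[a-zA-Z0-9]+",
 },
-Object {
+{
 "name": "token",
 "val": "[a-zA-Z]+",
 },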