rpms / nodejs-nodemon

Clone
Source Code
GIT

Blame SOURCES/0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch

c8-beta-stream-10 c8-beta-stream-12 c8-beta-stream-14 c8-beta-stream-16 c8-beta-stream-18 c8-stream-10 c8-stream-12 c8-stream-14 c8-stream-16 c8-stream-18 c8s-stream-12 c8s-stream-14 c8s-stream-16 c8s-stream-18 c9 c9-beta c9-beta-stream-18 c9-stream-18
  1.   c8s-stream-16
  2.   SOURCES
  3.   0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
Blob History Raw
b1aa1b 
From 62287c7af3aabd73db9bd1057c4c6cfcb5f3f67b Mon Sep 17 00:00:00 2001
b1aa1b 
From: Takayuki Sato <sttk.xslet@gmail.com>
b1aa1b 
Date: Tue, 20 Jul 2021 14:46:33 +0900
b1aa1b 
Subject: [PATCH] deps(glob-parent): Resolve ReDoS vulnerability from
b1aa1b 
 CVE-2021-35065 (#49)
b1aa1b
b1aa1b 
Signed-off-by: rpm-build <rpm-build>
b1aa1b 
---
b1aa1b 
 node_modules/glob-parent/index.js | 27 +++++++++++++++++++++++++--
b1aa1b 
 1 file changed, 25 insertions(+), 2 deletions(-)
b1aa1b
b1aa1b 
diff --git a/node_modules/glob-parent/index.js b/node_modules/glob-parent/index.js
b1aa1b 
index 09e257e..b182190 100644
b1aa1b 
--- a/node_modules/glob-parent/index.js
b1aa1b 
+++ b/node_modules/glob-parent/index.js
b1aa1b 
@@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
b1aa1b
b1aa1b 
 var slash = '/';
b1aa1b 
 var backslash = /\\/g;
b1aa1b 
-var enclosure = /[\{\[].*[\}\]]$/;
b1aa1b 
 var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
b1aa1b 
 var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
b1aa1b
b1aa1b 
@@ -25,7 +24,7 @@ module.exports = function globParent(str, opts) {
b1aa1b 
   }
b1aa1b
b1aa1b 
   // special case for strings ending in enclosure containing path separator
b1aa1b 
-  if (enclosure.test(str)) {
b1aa1b 
+  if (isEnclosure(str)) {
b1aa1b 
     str += slash;
b1aa1b 
   }
b1aa1b
b1aa1b 
@@ -40,3 +39,27 @@ module.exports = function globParent(str, opts) {
b1aa1b 
   // remove escape chars and return result
b1aa1b 
   return str.replace(escaped, '$1');
b1aa1b 
 };
b1aa1b 
+
b1aa1b 
+
b1aa1b 
+function isEnclosure(str) {
b1aa1b 
+  var lastChar = str.slice(-1)
b1aa1b 
+
b1aa1b 
+  var enclosureStart;
b1aa1b 
+  switch (lastChar) {
b1aa1b 
+    case '}':
b1aa1b 
+      enclosureStart = '{';
b1aa1b 
+      break;
b1aa1b 
+    case ']':
b1aa1b 
+      enclosureStart = '[';
b1aa1b 
+      break;
b1aa1b 
+    default:
b1aa1b 
+      return false;
b1aa1b 
+  }
b1aa1b 
+
b1aa1b 
+  var foundIndex = str.indexOf(enclosureStart);
b1aa1b 
+  if (foundIndex < 0) {
b1aa1b 
+    return false;
b1aa1b 
+  }
b1aa1b 
+
b1aa1b 
+  return str.slice(foundIndex + 1, -1).includes(slash);
b1aa1b 
+}
b1aa1b 
--
b1aa1b 
2.39.2
b1aa1b

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation