Polynomial regular expression

A regular expression that can require polynomial time to match may be vulnerable to denial-of-service attacks.
Marco Rios 2021-08-07 01:20:28 +08:00 committed by GitHub
parent 801fc5a7ea
commit ff5ace990c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

3
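--- a/app.js
+++ b/app.js
@@ -40,7 +40,8 @@ app.use((req, res, next) => {
 // cookie parser
 app.use((req, res, next) => {
 req.cookies = {}
-;(req.headers.cookie || '').split(/\s*;\s*/).forEach((pair) => {
+//;(req.headers.cookie || '').split(/\s*;\s*/).forEach((pair) => { // Polynomial regular expression //
+;(req.headers.cookie || '').split(/^\s+|(?<!\s)\s+$/g).forEach((pair) => {
 let crack = pair.indexOf('=')
 if (crack < 1 || crack == pair.length - 1) return
 req.cookies[decodeURIComponent(pair.slice(0, crack)).trim()] =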
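Review bot: The replacement pattern on the new `.split(...)` line contains no `;` and only matches leading or trailing whitespace, so a header such as `a=1; b=2` (constructed example) is no longer split into pairs. With `indexOf('=')` on the following line, everything after the first `=` would then end up in the first cookie's value, and later cookies, presumably including any session cookie that is not first, never reach `req.cookies`. Splitting on the literal separator and trimming each piece removes the backtracking risk without changing what gets parsed: `;(req.headers.cookie || '').split(';').map((p) => p.trim()).forEach((pair) => {`. The commented-out old line should be deleted rather than kept next to the fix, and note that the middleware body continues past the end of this hunk.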