From ff5ace990cc3a668cf8eecd2565c799c0fbdc396 Mon Sep 17 00:00:00 2001
From: Marco Rios <61625707+marcoriosp@users.noreply.github.com>
Date: Sat, 7 Aug 2021 01:20:28 +0800
Subject: [PATCH] Polynomial regular expression

A regular expression that can require polynomial time to match may be vulnerable to denial-of-service attacks.
---
 app.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.js b/app.js
index acd3188..ed867df 100644
--- a/app.js
+++ b/app.js
@@ -40,7 +40,8 @@ app.use((req, res, next) => {
 // cookie parser
 app.use((req, res, next) => {
 req.cookies = {}
- ;(req.headers.cookie || '').split(/\s*;\s*/).forEach((pair) => {
+ //;(req.headers.cookie || '').split(/\s*;\s*/).forEach((pair) => { // Polynomial regular expression //
+ ;(req.headers.cookie || '').split(/^\s+|(? {
 let crack = pair.indexOf('=')
 if (crack < 1 || crack == pair.length - 1) return
 req.cookies[decodeURIComponent(pair.slice(0, crack)).trim()] =
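Review bot: The replacement on the second added line still splits the untrusted Cookie header with a regular expression, and a more elaborate one than before (the new pattern is cut off after `(?` in this view, so its matching cost cannot be checked here). Splitting on the literal separator and trimming each piece needs no backtracking at all: `;(req.headers.cookie || '').split(';').map((pair) => pair.trim()).forEach((pair) => {`. The first added line keeps the old statement as commented-out code; it can be dropped, since the commit message already records why the pattern changed. The callback body continues past the end of the hunk, so how the cookie value is trimmed is not visible here.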