-
-
Notifications
You must be signed in to change notification settings - Fork 109
/
detect-unsafe-regex.js
50 lines (44 loc) · 1.63 KB
/
detect-unsafe-regex.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
/**
* Check if the regex is evil or not using the safe-regex module
* @author Adam Baldwin
*/
'use strict';
//-----------------------------------------------------------------------------
// Requirements
//-----------------------------------------------------------------------------
const safe = require('safe-regex');
//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------
module.exports = {
meta: {
type: 'error',
docs: {
description: 'Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.',
category: 'Possible Security Vulnerability',
recommended: true,
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-unsafe-regex.md',
},
},
create(context) {
return {
Literal: function (node) {
const token = context.getSourceCode().getTokens(node)[0];
const nodeType = token.type;
const nodeValue = token.value;
if (nodeType === 'RegularExpression') {
if (!safe(nodeValue)) {
context.report({ node: node, message: 'Unsafe Regular Expression' });
}
}
},
NewExpression: function (node) {
if (node.callee.name === 'RegExp' && node.arguments && node.arguments.length > 0 && node.arguments[0].type === 'Literal') {
if (!safe(node.arguments[0].value)) {
context.report({ node: node, message: 'Unsafe Regular Expression (new RegExp)' });
}
}
},
};
},
};