Skip to content

fix ReDOS in isEmail and isHSL#1651

Merged
profnandaa merged 5 commits intovalidatorjs:masterfrom
tux-tn:chore/Security
Apr 20, 2021
Merged

fix ReDOS in isEmail and isHSL#1651
profnandaa merged 5 commits intovalidatorjs:masterfrom
tux-tn:chore/Security

Conversation

@tux-tn
Copy link
Member

@tux-tn tux-tn commented Apr 19, 2021

This PR updates isEmail and isHSL in order to prevent ReDOS attack described in #1597 and #1598 without changing the behaviour of both validators.

mocha has also been updated to the latest version in order to prevent npm/yarn audit from displaying a warning (Mocha is used as a dev dependency, people using validator are not impacted)

Checklist

  • PR contains only changes related; no stray files, etc.

@codecov
Copy link

codecov bot commented Apr 19, 2021
edited
Loading

Codecov Report

Merging #1651 (f967d0a) into master (05ceb18) will not change coverage.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##            master     #1651   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          100       101    +1     
  Lines         1847      1854    +7     
=========================================
+ Hits          1847      1854    +7
Impacted Files Coverage Δ
src/lib/isEmail.js 100.00% <100.00%> (ø)
src/lib/isHSL.js 100.00% <100.00%> (ø)
src/lib/isIBAN.js 100.00% <0.00%> (ø)
src/lib/isMobilePhone.js 100.00% <0.00%> (ø)
src/lib/isPassportNumber.js 100.00% <0.00%> (ø)
src/lib/util/typeOf.js 100.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 05ceb18...f967d0a. Read the comment docs.

profnandaa
profnandaa approved these changes Apr 20, 2021
View reviewed changes
Copy link
Member

@profnandaa profnandaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for getting this in! LGTM.

@profnandaa profnandaa merged commit b986f3d into validatorjs:master Apr 20, 2021
@profnandaa profnandaa mentioned this pull request Apr 20, 2021
Closed
@tux-tn tux-tn deleted the chore/Security branch April 20, 2021 09:59
@profnandaa profnandaa mentioned this pull request Apr 20, 2021
Open
This was referenced Oct 28, 2021
Closed
Closed
Closed
Closed
Open
Open
This was referenced Nov 11, 2021
Closed
Closed
@abdulrahman-khankan abdulrahman-khankan mentioned this pull request Nov 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@profnandaa profnandaa profnandaa approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tux-tn @profnandaa