Merge pull request #30 from jaredwray/fixing-security-issue-with-chop…

…-and-more-than-1000-characters fixing security issue with chop and more than 1000 characters
jaredwray · Oct 24, 2023 · 8ab5a02 · 8ab5a02
2 parents b72e54a + 008118a
commit 8ab5a02
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/lib/utils/index.js b/lib/utils/index.js
@@ -31,6 +31,9 @@ utils.contains = function(val, obj, start) {
 utils.chop = function(str) {
   if (!util.isString(str)) return '';
   var re = /^[-_.\W\s]+|[-_.\W\s]+$/g;
+  if(str.length > 1000) {
+    throw new Error('utils.chop() regex is too long!');
+  }
   return str.trim().replace(re, '');
 };
 

diff --git a/test/utils.js b/test/utils.js
@@ -16,6 +16,12 @@ describe('utils', function() {
     it('should remove non-word characters from end of string', function() {
       assert.equal(utils.chop('foo bar baz _- '), 'foo bar baz');
     });
+    it('should throw an error if it is over 1000 characters long', function() {
+      var str = 'foo bar baz _- '.repeat(1001);
+      assert.throws(function() {
+        utils.chop(str);
+      }, /utils\.chop\(\) regex is too long!/);
+    });
   });
 
   describe('changecase', function() {