fix unsafe regex. fix getVersion limited to 1 decimal

LiveRamp / reslang

A language for describing resource-oriented APIs & turning them into Swagger or resource diagrams. Oriented around the concepts we want to expose in the APIs.

Apache License 2.0

23 stars 7 forks source link

fix unsafe regex. fix getVersion limited to 1 decimal #148

Closed bobisme closed 3 years ago

bobisme commented 3 years ago

regex for removeVersion and getVersion considered "unsafe" in some contexts, minimally leads to wasted cpu due to catastrophic backtracking.

getVersion regex was only looking for a single digit.

added test to check for double-digit version and refactored the tests to add descriptions.

ops-github-DU4JOAWE commented 3 years ago

This change is

bobisme commented 3 years ago

I had tests for removeVersion, then saw it was unexported and only used in the same file, so I removed them because I didn't want to make too many waves. I'm sure it doesn't hurt to export and test it though 👍 .