Closed BlueTux611 closed 1 month ago
Yes, hope this gets published soon.
When will this PR get merged?
It needs tests.
Was there a reason why this PR was closed instead of merged? I see tests weren't added either.
@quiquetubi no particular reason. I was not in the mood to keep it open.
Proposing as a possible solution if it fits.
Issue Description: "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
To address this issue, I added a check for imbalanced braces after the maxLength check. When tested, it no longer leads to "JavaScript heap out of memory" and will instead throw a syntax error when imbalanced braces are used, similar to when input is above the max length.
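A sketch of the kind of pre-parse guard the description above outlines, added here as an example; it is not the code from this PR or from the braces project. The names `MAX_LENGTH`, `braceImbalance` and `assertParsable`, the limit value, and the handling of backslash escapes are assumptions.

```javascript
// Added example: hypothetical names, not taken from lib/parse.js.
const MAX_LENGTH = 10000; // assumed limit for this sketch

// Single pass, constant memory: returns 0 when braces balance,
// -1 when a '}' appears with no open '{', or the count of unclosed '{'.
function braceImbalance(input) {
  let depth = 0;
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (ch === '\\') { i++; continue; } // assumption: an escaped char is literal
    if (ch === '{') {
      depth++;
    } else if (ch === '}') {
      if (depth === 0) return -1;
      depth--;
    }
  }
  return depth;
}

// Reject oversized or imbalanced input before any parser state is allocated.
function assertParsable(input, options = {}) {
  if (typeof input !== 'string') {
    throw new TypeError('Expected a string');
  }
  const max = typeof options.maxLength === 'number'
    ? Math.min(MAX_LENGTH, options.maxLength)
    : MAX_LENGTH;
  if (input.length > max) {
    throw new SyntaxError(`Input length (${input.length}) exceeds max length (${max})`);
  }
  const imbalance = braceImbalance(input);
  if (imbalance !== 0) {
    const detail = imbalance < 0 ? 'unexpected "}"' : `${imbalance} unclosed "{"`;
    throw new SyntaxError(`Imbalanced braces: ${detail}`);
  }
  return input;
}

// Constructed inputs: one balanced pattern, one run of unclosed openers.
function demo() {
  return ['{a,b}{1..3}', '{'.repeat(5000)].map((s) => {
    try { assertParsable(s); return 'ok'; } catch (e) { return e.name; }
  });
}
```

Because the guard runs before parsing, the cost of rejecting a hostile pattern is one linear scan of at most the permitted input length.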