Open eritbh opened 3 years ago
This seems like a good remediation technique: https://www.josephkirwin.com/2016/03/12/nodejs_redos_mitigation/
For something like message filters which need to be executed for basically every messageCreate the bot receives, might be worth looking into an asynchronous method instead, depending on the performance hit incurred by using vm - needs further investigation
Regex patterns in filters are passed straight to the regexp constructor without any sort of filtering for malicious patterns. For trusted expressions (those on the /r/anime server) this is fine, but not the best solution long-term.
https://medium.com/@liran.tal/node-js-pitfalls-how-a-regex-can-bring-your-system-down-cbf1dc6c4e02