swagger-api / swagger-js

Javascript library to connect to swagger-enabled APIs via browser or nodejs
http://swagger.io
Apache License 2.0
2.62k stars 758 forks

Fix code scanning alert - Polynomial regular expression used on uncontrolled data #3501

Closed char0n closed 4 months ago

char0n commented 4 months ago

Tracking issue for:

char0n commented 4 months ago

Fully safe regexp: /\{([^{}]+)}|([^{}]+)/g

char0n commented 4 months ago

  while ((text = re.exec(str))) {
    if (text[1]) results.push(text[1]);
  }
  return results;

char0n commented 4 months ago

The issue was mitigated in https://github.com/swagger-api/swagger-js/pull/3502

char0n commented 4 months ago

The issue was fully remediated in https://github.com/swagger-api/swagger-js/pull/3507
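
A regression check for the pattern quoted in this thread, as an added example that is not swagger-js code: each branch of the pattern is a single quantified negated class bounded by the braces it excludes, so no two quantifiers compete for the same characters and matching time grows linearly with input length. The function names (`extractBraced`, `stressInputs`, `runStress`) and all inputs are constructed for illustration.

```javascript
// Added example, not swagger-js code. Names and inputs below are constructed.
// Pattern quoted in the thread as "fully safe".
const SAFE_RE = /\{([^{}]+)}|([^{}]+)/g;

// Collect the text inside each {...} pair, using the same loop shape as the thread.
function extractBraced(str) {
  const re = new RegExp(SAFE_RE.source, SAFE_RE.flags); // own lastIndex per call
  const results = [];
  let text;
  while ((text = re.exec(str))) {
    if (text[1]) results.push(text[1]); // group 1 is set only for {name} tokens
  }
  return results;
}

// Constructed stress inputs: shapes that expose super-linear backtracking
// when a pattern has overlapping quantifiers.
function stressInputs(n) {
  return {
    unterminated: '{' + 'a'.repeat(n), // opening brace that never closes
    repeatedOpens: '{a'.repeat(n),     // every brace starts a match that fails
    manyParams: '{x}'.repeat(n),       // n well-formed parameters
  };
}

// Run the extraction over each stress input and report match count and wall time.
function runStress(n) {
  const report = {};
  for (const [name, input] of Object.entries(stressInputs(n))) {
    const start = Date.now();
    const count = extractBraced(input).length;
    report[name] = { count, ms: Date.now() - start };
  }
  return report;
}

console.log(extractBraced('/pets/{petId}/owners/{ownerId}'));
console.log(runStress(100000));
```

Running `runStress` with a doubled `n` should roughly double each `ms` value; a test like this in CI catches a later edit that reintroduces a pattern with polynomial matching time.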