Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Match against "pattern*" as RegExp #2086

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Match against "pattern*" as RegExp #2086

wants to merge 1 commit into from

Conversation

anthonyp-usafacts
Copy link

RE: #1281 (comment)

We want to allow people to use a wildcard string in their core-modules settings.

This will convert "pattern*" into RegExp('^pattern.*$') while also still enforcing a direct match on core-module strings that do not have the wildcard.

Per the issue thread, the allowable scenario was that the string ends in a wildcard, and nothing else.

@coveralls
Copy link

Coverage Status

Coverage decreased (-13.1%) to 68.272% when pulling 6dd2145 on anthonyp-usafacts:Issue-1281-Accept-Wildcard-Ending-Core-Modules into bc99b86 on benmosher:master.

ljharb
ljharb requested changes May 17, 2021
View reviewed changes
Copy link
Member

@ljharb ljharb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Allowing regexes in eslint configs is a fast path to ReDOS CVEs. We can use minimatch to support globs, however.

@ljharb ljharb added package: utils eslint-module-utils package semver-minor labels May 17, 2021
@anthonyp-usafacts
Copy link
Author

Allowing regexes in eslint configs is a fast path to ReDOS CVEs. We can use minimatch to support globs, however.

Very true. I'm kinda hoping the issue author jumps in here because I like people solving their own issues in community-driven repos. If I don't hear back I'll revise this later.

@ljharb
Copy link
Member

ljharb commented May 17, 2021

After 2 years it's unlikely they will do so; any help from you is appreciated.

We'll also need a test covering this behavior.

@penx
Copy link

penx commented May 17, 2021

Very true. I'm kinda hoping the issue author jumps in here because I like people solving their own issues in community-driven repos.

I understand, but I've not written an eslint rule. When I looked 2 years ago I didn't know where to begin and didn't know anyone who could help me with it. Now you have a draft PR I have some context of what needs doing - although I still find it pretty confusing 😄

If someone wants to help walk me through it I'd be happy to give it a go.

Is there an existing test I could point a debugger at to step through this code and figure out what it's doing?

@ljharb ljharb marked this pull request as draft August 8, 2021 05:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljharb ljharb ljharb requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
package: utils eslint-module-utils package semver-minor
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@anthonyp-usafacts @coveralls @ljharb @penx