test: Add a test case for ReDoS vulnerability

gulpjs · Jun 24, 2021 · 2e53333 · 2e53333
1 parent d16d629
commit 2e53333
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/test/index.test.js b/test/index.test.js
@@ -4,6 +4,8 @@ var gp = require('../');
 var expect = require('expect');
 var isWin32 = require('os').platform() === 'win32';
 
+var performance = require('perf_hooks').performance;
+
 describe('glob-parent', function () {
   it('should strip glob magic to return parent path', function (done) {
     expect(gp('.')).toEqual('.');
@@ -224,6 +226,26 @@ describe('glob2base test patterns', function () {
 
     done();
   });
+
+  it('should not increase calc. time exponentially by \'/\' count [CVE-2021-35065]', function (done) {
+    var measure = function(n) {
+      var input = "{" + "/".repeat(n);
+      var st = performance.now();
+      gp(input);
+      var ed = performance.now();
+      return (ed - st) / (n * n);
+    };
+
+    var result0 = measure(5000);
+
+    [10000, 50000, 100000, 150000].forEach(function(n) {
+      var result1 = measure(n);
+      expect(result1 / result0).toBeLessThan(0.9);
+      result0 = result1;
+    });
+
+    done();
+  });
 });
 
 if (isWin32) {