test: Add a test case for ReDoS vulnerability
sttk committed Jun 24, 2021
1 parent d16d629 commit da6f8af
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions test/index.test.js
@@ -4,6 +4,8 @@ var gp = require('../');
var expect = require('expect');
var isWin32 = require('os').platform() === 'win32';

var performance = require('perf_hooks').performance;

describe('glob-parent', function () {
it('should strip glob magic to return parent path', function (done) {
expect(gp('.')).toEqual('.');
@@ -224,6 +226,27 @@ describe('glob2base test patterns', function () {

done();
});

it('should not increase calc. time exponentially by \'/\' count [CVE-2021-35065]', function (done) {
var measure = function(n) {
var input = "{" + "/".repeat(n);
var st = performance.now();
gp(input);
var ed = performance.now();
return (ed - st) / (n * n);
};

var result0 = measure(5000);

[50000, 500000].forEach(function(n) {
var result1 = measure(n);
console.log(result1 / result0, result0, result1);
expect(result1 / result0).toBeLessThan(0.9);
result0 = result1;
});

done();
});
});

if (isWin32) {
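Review bot: The new `[CVE-2021-35065]` test asserts on wall-clock ratios, and its baseline `var result0 = measure(5000);` is the first, cold call to `gp` on this input shape, so warm-up cost probably inflates `result0` and biases the first ratio toward passing. A discarded warm-up call before it, `measure(5000); // warm-up, result discarded`, would make the baseline comparable to the later runs. The title says "exponentially", but dividing by `n * n` actually tests for sub-quadratic growth, which deserves a comment such as `// normalised by n^2: quadratic parsing keeps the ratio near 1, linear parsing near 0.1`. If the parser ever regresses, `measure(500000)` runs synchronously, so the failure would most likely show up as a stalled CI job rather than a failed `expect`; a note on that, or a smaller upper `n`, would help whoever triages it. The `console.log(result1 / result0, result0, result1);` line reads as leftover debugging output and could be dropped.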
