From f9231168b0041fea3f8f954b3cceb56269fc6366 Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Sat, 6 Mar 2021 13:16:16 -0800
Subject: [PATCH] fix: eliminate ReDoS (#36)

This change fixes a regular expression denial of service
vulnerability.

Refs: https://github.com/gulpjs/glob-parent/issues/32
Refs: https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
---
 index.js           | 2 +-
 test/index.test.js | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index ef65a47..09e257e 100644
--- a/index.js
+++ b/index.js
@@ -6,7 +6,7 @@ var isWin32 = require('os').platform() === 'win32';
 
 var slash = '/';
 var backslash = /\\/g;
-var enclosure = /[\{\[].*[\/]*.*[\}\]]$/;
+var enclosure = /[\{\[].*[\}\]]$/;
 var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
 var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
 
diff --git a/test/index.test.js b/test/index.test.js
index c13bf04..0a0291e 100644
--- a/test/index.test.js
+++ b/test/index.test.js
@@ -209,6 +209,13 @@ describe('glob2base test patterns', function() {
 
     done();
   });
+
+  it('should not be susceptible to SNYK-JS-GLOBPARENT-1016905', function(done) {
+    // This will time out if susceptible.
+    gp('{' + '/'.repeat(5000));
+
+    done();
+  });
 });
 
 if (isWin32) {