From dc0d180e90d8a84f7ff13572363330a22b3ea504 Mon Sep 17 00:00:00 2001
From: "Khang Vo (doublevkay)" <45411113+vovikhangcdv@users.noreply.github.com>
Date: Tue, 7 Jun 2022 13:39:39 +0700
Subject: [PATCH 1/3] fix redos in preprocessRFC2822 regex

Fixes: [#2936](https://github.com/moment/moment/issues/6012)

Directly match the comment tokens in preprocessRFC2822 regex to resolve the problem [Regular Expression Denial of Service (ReDoS)#6012](https://github.com/moment/moment/issues/6012)
---
 src/lib/create/from-string.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/create/from-string.js b/src/lib/create/from-string.js
index 5c4d11f740..c1be6f8338 100644
--- a/src/lib/create/from-string.js
+++ b/src/lib/create/from-string.js
@@ -151,7 +151,7 @@ function untruncateYear(yearStr) {
 function preprocessRFC2822(s) {
     // Remove comments and folding whitespace and replace multiple-spaces with a single space
     return s
-        .replace(/\([^)]*\)|[\n\t]/g, ' ')
+        .replace(/\([a-zA-Z0-9\s]*\)|[\n\t]/g, ' ')
         .replace(/(\s\s+)/g, ' ')
         .replace(/^\s\s*/, '')
         .replace(/\s\s*$/, '');

From bfd4f2375d5c1a2106246721d693a9611dddfbfe Mon Sep 17 00:00:00 2001
From: "Khang Vo (doublevkay)" <45411113+vovikhangcdv@users.noreply.github.com>
Date: Wed, 8 Jun 2022 10:32:02 +0700
Subject: [PATCH 2/3] fix redos using local backtracking regex

change the direct matching regex to a local backtracking regex to support all characters in the token comment
---
 src/lib/create/from-string.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/create/from-string.js b/src/lib/create/from-string.js
index c1be6f8338..925fab2d86 100644
--- a/src/lib/create/from-string.js
+++ b/src/lib/create/from-string.js
@@ -151,7 +151,7 @@ function untruncateYear(yearStr) {
 function preprocessRFC2822(s) {
     // Remove comments and folding whitespace and replace multiple-spaces with a single space
     return s
-        .replace(/\([a-zA-Z0-9\s]*\)|[\n\t]/g, ' ')
+        .replace(/\((?:(?!\().)*\)|[\n\t]/gs, ' ')
         .replace(/(\s\s+)/g, ' ')
         .replace(/^\s\s*/, '')
         .replace(/\s\s*$/, '');

From 4bbb9f3ccbe231de40207503f344fe5ce97584f4 Mon Sep 17 00:00:00 2001
From: "Khang Vo (doublevkay)" <45411113+vovikhangcdv@users.noreply.github.com>
Date: Wed, 6 Jul 2022 10:09:09 +0700
Subject: [PATCH 3/3] update regex by avoid matching more open brackets

update regex to avoid matching more open brackets from @ichernev suggestion
---
 src/lib/create/from-string.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/create/from-string.js b/src/lib/create/from-string.js
index 925fab2d86..58739b9d7c 100644
--- a/src/lib/create/from-string.js
+++ b/src/lib/create/from-string.js
@@ -151,7 +151,7 @@ function untruncateYear(yearStr) {
 function preprocessRFC2822(s) {
     // Remove comments and folding whitespace and replace multiple-spaces with a single space
     return s
-        .replace(/\((?:(?!\().)*\)|[\n\t]/gs, ' ')
+        .replace(/\([^()]*\)|[\n\t]/g, ' ')
         .replace(/(\s\s+)/g, ' ')
         .replace(/^\s\s*/, '')
         .replace(/\s\s*$/, '');