Merge pull request markedjs#1083 from davisjam/REDOSTests

security: fix REDOS vulnerabilities
zhenalexfan · Feb 27, 2018 · a05e19e · a05e19e
2 parents fa3998a + 7ad8c11
commit a05e19e
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 5 deletions.
diff --git a/lib/marked.js b/lib/marked.js
@@ -55,7 +55,7 @@ block._tag = '(?!(?:'
 block.html = edit(block.html)
   .replace('comment', /<!--[\s\S]*?-->/)
   .replace('closed', /<(tag)[\s\S]+?<\/\1>/)
-  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>]*)*?\/?>/)
+  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>\s]*)*?\/?>/)
   .replace(/tag/g, block._tag)
   .getRegex();
 
@@ -461,10 +461,10 @@ var inline = {
   escape: /^\\([\\`*{}\[\]()#+\-.!_>])/,
   autolink: /^<(scheme:[^\s\x00-\x1f<>]*|email)>/,
   url: noop,
-  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/,
+  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/\s]*)*?\/?>/,
   link: /^!?\[(inside)\]\(href\)/,
   reflink: /^!?\[(inside)\]\s*\[([^\]]*)\]/,
-  nolink: /^!?\[((?:\[[^\]]*\]|\\[\[\]]|[^\[\]])*)\]/,
+  nolink: /^!?\[((?:\[[^\[\]]*\]|\\[\[\]]|[^\[\]])*)\]/,
   strong: /^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,
   em: /^_([^\s_](?:[^_]|__)+?[^\s_])_\b|^\*((?:\*\*|[^*])+?)\*(?!\*)/,
   code: /^(`+)\s*([\s\S]*?[^`]?)\s*\1(?!`)/,
@@ -481,7 +481,7 @@ inline.autolink = edit(inline.autolink)
   .replace('email', inline._email)
   .getRegex()
 
-inline._inside = /(?:\[[^\]]*\]|\\[\[\]]|[^\[\]]|\](?=[^\[]*\]))*/;
+inline._inside = /(?:\[[^\[\]]*\]|\\[\[\]]|[^\[\]]|\](?=[^\[]*\]))*/;
 inline._href = /\s*<?([\s\S]*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/;
 
 inline.link = edit(inline.link)

diff --git a/test/index.js b/test/index.js
@@ -110,8 +110,13 @@ function runTests(engine, options) {
   for (i = 0; i < len; i++) {
     filename = filenames[i];
     file = files[filename];
+
+    var before = process.hrtime();
     success = testFile(engine, file, filename, i + 1);
-    if (success) {
+    var elapsed = process.hrtime(before);
+    var tookLessThanOneSec = (elapsed[0] === 0);
+
+    if (success && tookLessThanOneSec) {
       succeeded++;
     } else {
       failed++;

diff --git a/test/new/headings-id.html → test/new/headings_id.html b/test/new/headings-id.html → test/new/headings_id.html
diff --git a/test/new/headings-id.md → test/new/headings_id.md b/test/new/headings-id.md → test/new/headings_id.md
diff --git a/test/new/redos_html_closing.html b/test/new/redos_html_closing.html
diff --git a/test/new/redos_html_closing.md b/test/new/redos_html_closing.md
@@ -0,0 +1 @@
+<tag  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""  ""<" />a'a
diff --git a/test/new/redos_nolink.html b/test/new/redos_nolink.html
diff --git a/test/new/redos_nolink.md b/test/new/redos_nolink.md
@@ -0,0 +1 @@
+![\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]!\