-
-
Notifications
You must be signed in to change notification settings - Fork 20
/
malicious.js
28 lines (23 loc) · 864 Bytes
/
malicious.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
'use strict';
var assert = require('assert');
var nm = require('./support/match');
/**
* These tests are based on minimatch unit tests
*/
function generate(len, ch) {
var pattern = '';
while (--len) pattern += ch;
return pattern;
}
describe('handling of potential regex exploits', function() {
it('should support long escape sequences', function() {
assert(nm.isMatch('A', '!(' + generate(1024 * 2, '\\') + 'A)'), 'within the limits, and valid match');
assert(!nm.isMatch('A', '[!(' + generate(1024 * 2, '\\') + 'A'), 'within the limits, but invalid regex');
});
it('should throw an error when the pattern is too long', function() {
assert.throws(function() {
var exploit = '!(' + generate(1024 * 64, '\\') + 'A)';
assert(!nm.isMatch('A', exploit));
}, /expected pattern to be less than 65536 characters/);
});
});