fix(api): fix inefficient RegExp that may cause ReDoS

Fixes inefficient RegExp which could cause Regular expression Denial of Service attack The problematic part (?:\[(?:\d*|[a-z0-9_-]+)\])* will matches (empty) [] [0123] [abcd] [0a_1b_c2] [][] [0123][] [abcd][0a_1b_c2] All these pattern is covered with the fixed regexp, I think.
fomantic · Apr 30, 2022 · 17bec4a · 17bec4a
1 parent 04f70a7
commit 17bec4a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/definitions/behaviors/api.js b/src/definitions/behaviors/api.js
@@ -1208,7 +1208,7 @@ $.api.settings = {
   regExp  : {
     required : /\{\$*[A-z0-9]+\}/g,
     optional : /\{\/\$*[A-z0-9]+\}/g,
-    validate: /^[a-z_][a-z0-9_-]*(?:\[(?:\d*|[a-z0-9_-]+)\])*$/i,
+    validate: /^[a-z_][a-z0-9_-]*(?:\[[a-z0-9_-]*\])*$/i,
     key:      /[a-z0-9_-]+|(?=\[\])/gi,
     push:     /^$/,
     fixed:    /^\d+$/,