fix ReDoS in file editor (UiFileManager plugin) due to outdated codemirror

Just patched from the updated upstream version; ideally the codemirror dependency
would be pulled in during the build stage, but there's no infrastructure for that (yet).
caryoscelus 2023-07-03 21:19:40 +00:00
parent 8355b82eef
commit d16c71966b
3 changed files with 10 additions and 3 deletions


@ -1,6 +1,7 @@
### zeronet-conservancy 0.7.9+
- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
### zeronet-conservancy 0.7.9 (2023-07-02)
### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35)
maintainers: @caryoscelus -> none
- update README (build/dev instructions; thanks to @fgaz)
- better debugging of update non-propagation


@ -17366,7 +17366,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
var kw = keywords[word]
return ret(kw.type, kw.style, word)
}
if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
// backported ReDoS fix from
// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
return ret("async", "keyword", word)
}
return ret("variable", "variable", word)
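Review bot: The comment added above the patched `stream.match(...)` line records where the regex came from, but not that it is a one-line backport into an otherwise old vendored CodeMirror. The same edit is also made by hand in a second copy of the javascript mode (the hunk at line 126), so the two copies can drift. I would extend the comment in both places with something like `// NOTE: only this regex was backported; the rest of the vendored CodeMirror is unchanged and should be re-checked when the dependency is updated`. The new pattern itself reads correctly: the comment body `([^*]|\*(?!\/))*?` cannot run past a `*/`, so a block comment can only be matched one way and the outer `*` no longer has overlapping alternatives to backtrack through. The enclosing tokenizer function starts and ends outside the hunk, so other patterns in it are not visible here.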


@ -126,7 +126,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
var kw = keywords[word]
return ret(kw.type, kw.style, word)
}
if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
// backported ReDoS fix from
// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
return ret("async", "keyword", word)
}
return ret("variable", "variable", word)