fix security alerts

metrico · Sep 3, 2024 · 422c992 · 422c992
1 parent 316b392
commit 422c992
Show file tree

Hide file tree

Showing 5 changed files with 2,568 additions and 2,554 deletions.
diff --git a/jest.config.js b/jest.config.js
@@ -2,6 +2,6 @@ const path = require('path')
 module.exports = {
   setupFilesAfterEnv: [path.join(__dirname, '/test/jest.setup.js')],
   moduleNameMapper: {
-    '^axios$': 'axios/dist/node/axios.cjs'
+    '^axios$': require.resolve('axios'),//'axios/dist/node/axios.cjs'
   }
 }
diff --git a/parser/bnf.js b/parser/bnf.js
@@ -79,21 +79,35 @@ compiler._ParseScript = compiler.ParseScript
 compiler.ParseScript = function (script) {
   const qLiterals = []
   const aqLiterals = []
-  const quotedStrings = script.replaceAll(/"([^"\\]|\\.)*"/g, (str) => {
-    if (str.length < 512) {
-      return str
+  let _script = script
+  let res = ''
+  let qsMatch = _script.match(/^([^"]*)("([^"\\]|\\.)*")?/)
+  while (qsMatch && qsMatch[0]) {
+    let repl = qsMatch[2] || ''
+    if (repl.length > 512) {
+      qLiterals.push(repl)
+      repl = `"QL_${qLiterals.length - 1}"`
     }
-    qLiterals.push(str)
-    return `"QL_${qLiterals.length - 1}"`
-  })
-  const aQuotedStrings = quotedStrings.replaceAll(/`([^`\\]|\\.)*`/g, (str) => {
-    if (str.length < 512) {
-      return str
+    res = res + qsMatch[1] + repl
+    _script = _script.slice(qsMatch[0].length)
+    qsMatch = _script.match(/^([^"]*)("([^"\\]|\\.)*")?/)
+  }
+
+  _script = res
+  res = ''
+  qsMatch = _script.match(/^([^`]*)(`([^`\\]|\\.)*`)?/)
+  while (qsMatch && qsMatch[0]) {
+    let repl = qsMatch[2] || ''
+    if (repl.length > 512) {
+      aqLiterals.push(repl)
+      repl = `\`AL_${qLiterals.length - 1}\``
     }
-    aqLiterals.push(str)
-    return `\`AL_${aqLiterals.length - 1}\``
-  })
-  const parsedScript = this._ParseScript(aQuotedStrings)
+    res = res + qsMatch[1] + repl
+    _script = _script.slice(qsMatch[0].length)
+    qsMatch = _script.match(/^([^`]*)(`([^`\\]|\\.)*`)?/)
+  }
+
+  const parsedScript = this._ParseScript(res)
   if (!parsedScript) {
     return parsedScript
   }

diff --git a/qryn_node.js b/qryn_node.js
@@ -124,7 +124,7 @@ let fastify = require('fastify')({
     done()
   }))
   await fastify.register(require('@fastify/compress'), {
-    encodings: ['gzip'],
+    encodings: ['gzip']/*,
     zlib: {
       createGzip: () => {
         const deflator = new pako.Deflate({ gzip: true })
@@ -152,7 +152,7 @@ let fastify = require('fastify')({
         }
         return res
       }
-    }
+    }*/
   })
   await fastify.register(require('@fastify/url-data'))
   await fastify.register(require('@fastify/websocket'))

diff --git a/test/__snapshots__/parser.test.js.snap b/test/__snapshots__/parser.test.js.snap
@@ -1,8 +1,8 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
 exports[`should compile regex 1`] = `
-"SCRIPT: abcd\\\\(
- SYNTAX: abcd\\\\(
+"SCRIPT: abcd\\(
+ SYNTAX: abcd\\(
   literal: a
    letter: a
   literal: b
@@ -11,20 +11,20 @@ exports[`should compile regex 1`] = `
    letter: c
   literal: d
    letter: d
-  literal: \\\\(
-   quoted_brack: \\\\(
+  literal: \\(
+   quoted_brack: \\(
 "
 `;
 
 exports[`should compile regex 2`] = `
-"SCRIPT: (a\\\\(bc)
- SYNTAX: (a\\\\(bc)
-  any_group: (a\\\\(bc)
-   group_tail: a\\\\(bc
+"SCRIPT: (a\\(bc)
+ SYNTAX: (a\\(bc)
+  any_group: (a\\(bc)
+   group_tail: a\\(bc
     literal: a
      letter: a
-    literal: \\\\(
-     quoted_brack: \\\\(
+    literal: \\(
+     quoted_brack: \\(
     literal: b
      letter: b
     literal: c
@@ -33,26 +33,26 @@ exports[`should compile regex 2`] = `
 `;
 
 exports[`should compile regex 3`] = `
-"SCRIPT: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
- SYNTAX: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
-  any_group: (?<label1>a[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (?<label1>a[^\\[\\(\\)]bc)
+ SYNTAX: (?<label1>a[^\\[\\(\\)]bc)
+  any_group: (?<label1>a[^\\[\\(\\)]bc)
    group_name: ?<label1>
     label: label1
-   group_tail: a[^\\\\[\\\\(\\\\)]bc
+   group_tail: a[^\\[\\(\\)]bc
     literal: a
      letter: a
     literal: [
      letter: [
     literal: ^
      letter: ^
-    literal: \\\\
-     letter: \\\\
+    literal: \\
+     letter: \\
     literal: [
      letter: [
-    literal: \\\\(
-     quoted_brack: \\\\(
-    literal: \\\\)
-     quoted_brack: \\\\)
+    literal: \\(
+     quoted_brack: \\(
+    literal: \\)
+     quoted_brack: \\)
     literal: ]
      letter: ]
     literal: b
@@ -63,28 +63,28 @@ exports[`should compile regex 3`] = `
 `;
 
 exports[`should compile regex 4`] = `
-"SCRIPT: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
- SYNTAX: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
-  any_group: (a(?<label1>[^\\\\[\\\\(\\\\)]bc))
-   group_tail: a(?<label1>[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (a(?<label1>[^\\[\\(\\)]bc))
+ SYNTAX: (a(?<label1>[^\\[\\(\\)]bc))
+  any_group: (a(?<label1>[^\\[\\(\\)]bc))
+   group_tail: a(?<label1>[^\\[\\(\\)]bc)
     literal: a
      letter: a
-    any_group: (?<label1>[^\\\\[\\\\(\\\\)]bc)
+    any_group: (?<label1>[^\\[\\(\\)]bc)
      group_name: ?<label1>
       label: label1
-     group_tail: [^\\\\[\\\\(\\\\)]bc
+     group_tail: [^\\[\\(\\)]bc
       literal: [
        letter: [
       literal: ^
        letter: ^
-      literal: \\\\
-       letter: \\\\
+      literal: \\
+       letter: \\
       literal: [
        letter: [
-      literal: \\\\(
-       quoted_brack: \\\\(
-      literal: \\\\)
-       quoted_brack: \\\\)
+      literal: \\(
+       quoted_brack: \\(
+      literal: \\)
+       quoted_brack: \\)
       literal: ]
        letter: ]
       literal: b
@@ -95,18 +95,18 @@ exports[`should compile regex 4`] = `
 `;
 
 exports[`should compile regex 5`] = `
-"SCRIPT: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
- SYNTAX: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
-  any_group: (a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc))
-   group_tail: a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc)
+"SCRIPT: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+ SYNTAX: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+  any_group: (a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc))
+   group_tail: a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc)
     literal: a
      letter: a
     literal: [
      letter: [
-    literal: \\\\(
-     quoted_brack: \\\\(
-    literal: \\\\)
-     quoted_brack: \\\\)
+    literal: \\(
+     quoted_brack: \\(
+    literal: \\)
+     quoted_brack: \\)
     literal: ]
      letter: ]
     literal: +
@@ -117,22 +117,22 @@ exports[`should compile regex 5`] = `
      group_tail: b
       literal: b
        letter: b
-    any_group: (?<label1>[^\\\\[\\\\(\\\\)]bc)
+    any_group: (?<label1>[^\\[\\(\\)]bc)
      group_name: ?<label1>
       label: label1
-     group_tail: [^\\\\[\\\\(\\\\)]bc
+     group_tail: [^\\[\\(\\)]bc
       literal: [
        letter: [
       literal: ^
        letter: ^
-      literal: \\\\
-       letter: \\\\
+      literal: \\
+       letter: \\
       literal: [
        letter: [
-      literal: \\\\(
-       quoted_brack: \\\\(
-      literal: \\\\)
-       quoted_brack: \\\\)
+      literal: \\(
+       quoted_brack: \\(
+      literal: \\)
+       quoted_brack: \\)
       literal: ]
        letter: ]
       literal: b
@@ -142,71 +142,71 @@ exports[`should compile regex 5`] = `
 "
 `;
 
-exports[`should erase names 1`] = `"abcd\\\\("`;
+exports[`should erase names 1`] = `"abcd\\("`;
 
-exports[`should erase names 2`] = `"(a\\\\(bc)"`;
+exports[`should erase names 2`] = `"(a\\(bc)"`;
 
-exports[`should erase names 3`] = `"(a[^\\\\[\\\\(\\\\)]bc)"`;
+exports[`should erase names 3`] = `"(a[^\\[\\(\\)]bc)"`;
 
-exports[`should erase names 4`] = `"(a([^\\\\[\\\\(\\\\)]bc))"`;
+exports[`should erase names 4`] = `"(a([^\\[\\(\\)]bc))"`;
 
-exports[`should erase names 5`] = `"(a[\\\\(\\\\)]+(b)([^\\\\[\\\\(\\\\)]bc))"`;
+exports[`should erase names 5`] = `"(a[\\(\\)]+(b)([^\\[\\(\\)]bc))"`;
 
-exports[`should get named groups 1`] = `Array []`;
+exports[`should get named groups 1`] = `[]`;
 
 exports[`should get named groups 2`] = `
-Array [
-  Object {
-    "val": "a\\\\(bc",
+[
+  {
+    "val": "a\\(bc",
   },
 ]
 `;
 
 exports[`should get named groups 3`] = `
-Array [
-  Object {
+[
+  {
     "name": "label1",
-    "val": "a[^\\\\[\\\\(\\\\)]bc",
+    "val": "a[^\\[\\(\\)]bc",
   },
 ]
 `;
 
 exports[`should get named groups 4`] = `
-Array [
-  Object {
-    "val": "a(?<label1>[^\\\\[\\\\(\\\\)]bc)",
+[
+  {
+    "val": "a(?<label1>[^\\[\\(\\)]bc)",
   },
-  Object {
+  {
     "name": "label1",
-    "val": "[^\\\\[\\\\(\\\\)]bc",
+    "val": "[^\\[\\(\\)]bc",
   },
 ]
 `;
 
 exports[`should get named groups 5`] = `
-Array [
-  Object {
-    "val": "a[\\\\(\\\\)]+(?<l2>b)(?<label1>[^\\\\[\\\\(\\\\)]bc)",
+[
+  {
+    "val": "a[\\(\\)]+(?<l2>b)(?<label1>[^\\[\\(\\)]bc)",
   },
-  Object {
+  {
     "name": "l2",
     "val": "b",
   },
-  Object {
+  {
     "name": "label1",
-    "val": "[^\\\\[\\\\(\\\\)]bc",
+    "val": "[^\\[\\(\\)]bc",
   },
 ]
 `;
 
 exports[`should process regex 1`] = `
-Object {
-  "labels": Array [
-    Object {
+{
+  "labels": [
+    {
       "name": "helper",
       "val": "[a-zA-Z0-9]+",
     },
-    Object {
+    {
       "name": "token",
       "val": "[a-zA-Z]+",
     },