chore: add recheck script (markedjs#2839)
UziTech authored Jun 7, 2023
1 parent f879a23 commit d559fe1
Showing 6 changed files with 155 additions and 46 deletions.
2 changes: 1 addition & 1 deletion .gitignore
@@ -4,4 +4,4 @@ node_modules/
test/compiled_tests
public
docs/LICENSE.md

vuln.js
102 changes: 102 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion package.json
@@ -64,6 +64,7 @@
"jasmine": "^5.0.0",
"markdown-it": "13.0.1",
"node-fetch": "^3.3.1",
"recheck": "^4.4.5",
"rollup": "^3.23.0",
"semantic-release": "^21.0.3",
"titleize": "^3.0.0",
@@ -76,7 +77,7 @@
"test:unit": "npm test -- test/unit/**/*-spec.js",
"test:specs": "npm test -- test/specs/**/*-spec.js",
"test:lint": "eslint .",
"test:redos": "node test/vuln-regex.js",
"test:redos": "node test/recheck.js > vuln.js",
"test:update": "node test/update-specs.js",
"rules": "node test/rules.js",
"bench": "npm run rollup && node test/bench.js",
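Review bot: The new `test:redos` command redirects the report into vuln.js and, as far as test/recheck.js in this commit shows, never sets a failing exit code, so `npm run test:redos` succeeds even when a rule is reported as not safe. If this script is meant to gate changes to the regexes, consider having test/recheck.js set `process.exitCode = 1` whenever a status other than `safe` is seen, so that a finding is not only written to a git-ignored file. The scripts block continues past the collapsed region, so any CI wiring for this command is not visible here.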
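--- a/test/recheck.js
+++ b/test/recheck.js
@@ -0,0 +1,45 @@
+import { inline, block } from '../src/rules.js';
+import { check } from 'recheck';
+
+function checkRegexp(obj, name) {
+return Promise.all(Object.keys(obj).map(async(prop) => {
+const item = obj[prop];
+const itemName = `${name}.${prop}`;
+let source = '';
+let flags = '';
+if (item instanceof RegExp) {
+source = item.source;
+flags = item.flags;
+} else if (typeof item === 'string') {
+source = item;
+} else {
+return checkRegexp(item, itemName);
+}
+const gfm = itemName.includes('.gfm.');
+const pedantic = itemName.includes('.pedantic.');
+const recheckObj = await check(source, flags);
+if (recheckObj.status !== 'safe') {
+console.log(`// ${itemName}: /${recheckObj.source}/${recheckObj.flags}`);
+console.log(`// marked(${recheckObj.attack.pattern}, { pedantic: ${pedantic ? 'true' : 'false'}, gfm: ${gfm ? 'true' : 'false'} });`);
+}
+}));
+}
+
+console.log(`
+import { marked } from './src/marked.js';
+marked.use({
+mangle: false,
+headerIds: false
+});
+const start = Date.now();
+`);
+
+await Promise.all([
+checkRegexp(inline, 'inline'),
+checkRegexp(block, 'block')
+]);
+
+console.log(`
+console.log(Date.now() - start);`);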
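Review bot: The `recheckObj.status !== 'safe'` branch in `checkRegexp` reads `recheckObj.attack.pattern`, but recheck can also report a status of `unknown` (for example when the analysis times out), and I believe that result carries no `attack` object, so the first such rule would throw and reject the whole `Promise.all`. Handling the two cases separately keeps the report complete: emit the `marked(...)` line only when `recheckObj.status === 'vulnerable'`, and otherwise log `// ${itemName}: ${recheckObj.status}` so an unanalysed pattern is still visible to whoever reads vuln.js. As written, a rejection at the top-level `await` would leave a truncated vuln.js behind with no hint of which rule stopped the run.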
7 changes: 5 additions & 2 deletions test/rules.js
@@ -1,4 +1,5 @@
import rules from '../src/rules.js';
import { inline, block } from '../src/rules.js';
const rules = { inline, block };

const COLOR = {
reset: '\x1b[0m',
@@ -70,5 +71,7 @@ rulesObj = propsToString(rulesObj);
let output = JSON.stringify(rulesObj, null, 2);
output = output.replace(/^(\s*)"(.*)": null,?$/gm, `$1${COLOR.fgGreen}$2${COLOR.reset}: undefined`);
output = output.replace(/^(\s*)"(.*)": {$/gm, `$1${COLOR.fgGreen}$2${COLOR.reset}: {`);
output = output.replace(/^(\s*)"(.*)": "(.*)",?$/gm, `$1${COLOR.fgGreen}$2${COLOR.reset}: ${COLOR.fgRed}$3${COLOR.reset}`);
output = output.replace(/^(\s*)"(.*)": "(.*)",?$/gm, (...p) => {
return `${p[1]}${COLOR.fgGreen}${p[2]}${COLOR.reset}: ${COLOR.fgRed}${p[3].replace(/\\\\/g, '\\')}${COLOR.reset}`;
});
console.log(output, COLOR.reset);
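Review bot: The callback on the last `output.replace` un-escapes only doubled backslashes, while `JSON.stringify` also escapes `"` as `\"`, so any rule whose source contains a double quote is still printed with an extra backslash and no longer matches the pattern as written. Since this listing is what a reviewer reads when auditing the regexes, decoding the captured value in one step, e.g. `JSON.parse('"' + p[3] + '"')`, would cover both escapes, provided the `(.*)` capture holds exactly the escaped value. Naming the callback parameters, `(match, indent, key, value) =>`, instead of `(...p)` would also make the indices self-explanatory. The code before this hunk is not visible, so how `rulesObj` is built is assumed from the `propsToString` call in the hunk header.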
42 changes: 0 additions & 42 deletions test/vuln-regex.js

This file was deleted.
