feat(core): regex engine naming and test suit (DIYgod#10014)

* feat(core): regex engine config * fix(docs): config naming * filter-engine test naming
tc9011 · Jun 22, 2022 · dc64deb · dc64deb
1 parent e4478a3
commit dc64deb
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 7 deletions.
diff --git a/docs/en/install/README.md b/docs/en/install/README.md
@@ -557,7 +557,7 @@ Configs in this sections are in beta stage, and are turn off by default. Please
 
 `ALLOW_USER_HOTLINK_TEMPLATE`: [Parameters->Multimedia processing](/en/parameter.html#multimedia-processing)
 
-`FILTER_REGEX_ENGINE`: Define Regex engine used in [Parameters->filtering](/en/parameter.html#filtering). Valid value are `[re, regexp]`. Default value is `re`. We suggest public instance should leave this value to default, and this option right now is mainly for backward compatibility.
+`FILTER_REGEX_ENGINE`: Define Regex engine used in [Parameters->filtering](/en/parameter.html#filtering). Valid value are `[re2, regexp]`. Default value is `re2`. We suggest public instance should leave this value to default, and this option right now is mainly for backward compatibility.
 
 ### Other Application Configurations
 

diff --git a/docs/en/parameter.md b/docs/en/parameter.md
@@ -28,7 +28,7 @@ Please make sure you've [fully URL-encoded](https://gchq.github.io/CyberChef/#re
 
 ::: warning Warning
 
-filter supports Regex, and due to the fact that some Regex are vulnerable to DoS (ReDoS), default engine `re` blocks some of these functionalities available in node `Regexp`. These two engines also behaves a bit different in some corner cases. [Details](https://github.com/uhop/node-re2#limitations-things-re2-does-not-support)
+filter supports Regex, and due to the fact that some Regex are vulnerable to DoS (ReDoS), default engine `re2` blocks some of these functionalities available in node `Regexp`. These two engines also behaves a bit different in some corner cases. [Details](https://github.com/uhop/node-re2#limitations-things-re2-does-not-support)
 
 
 If you need to use a different engine, please refer to [Deploy->Features->FILTER_REGEX_ENGINE](/en/install/#configuration-features).

diff --git a/docs/install/README.md b/docs/install/README.md
@@ -563,7 +563,7 @@ RSSHub 支持使用访问密钥 / 码，白名单和黑名单三种方式进行
 
 `ALLOW_USER_HOTLINK_TEMPLATE`: [通用参数 -> 多媒体处理](/parameter.html#duo-mei-ti-chu-li)特性控制
 
-`FILTER_REGEX_ENGINE`: 控制 [通用参数 -> 内容过滤](/parameter.html#nei-rong-guo-lu) 使用的正则引擎。可选`[re, regexp]`，默认`re`。我们推荐公开实例不要调整这个选项，这个选项目前主要用于向后兼容。
+`FILTER_REGEX_ENGINE`: 控制 [通用参数 -> 内容过滤](/parameter.html#nei-rong-guo-lu) 使用的正则引擎。可选`[re2, regexp]`，默认`re2`。我们推荐公开实例不要调整这个选项，这个选项目前主要用于向后兼容。
 
 ### 其他应用配置
 

diff --git a/docs/parameter.md b/docs/parameter.md
@@ -28,7 +28,7 @@
 
 ::: warning 注意
 
-filter 支持正则表达式。由于正则部分特性可被利用于 DoS (ReDOS)，默认引擎`RE`屏蔽了部分`Regexp`功能，且在部分情况下表现不一致。具体差异可以[查看文档](https://github.com/uhop/node-re2#limitations-things-re2-does-not-support)
+filter 支持正则表达式。由于正则部分特性可被利用于 DoS (ReDOS)，默认引擎`re2`屏蔽了部分`Regexp`功能，且在部分情况下表现不一致。具体差异可以[查看文档](https://github.com/uhop/node-re2#limitations-things-re2-does-not-support)
 
 如果需要指定不同的引擎，请参考[功能特性 -> FILTER_REGEX_ENGINE](install/#pei-zhi-gong-neng-te-xing)。
 

diff --git a/lib/config.js b/lib/config.js
@@ -93,7 +93,7 @@ const calculateValue = () => {
         },
         feature: {
             allow_user_hotlink_template: envs.ALLOW_USER_HOTLINK_TEMPLATE === 'true',
-            filter_regex_engine: envs.FILTER_REGEX_ENGINE || 're',
+            filter_regex_engine: envs.FILTER_REGEX_ENGINE || 're2',
         },
         suffix: envs.SUFFIX,
         titleLengthLimit: parseInt(envs.TITLE_LENGTH_LIMIT) || 150,

diff --git a/lib/middleware/parameter.js b/lib/middleware/parameter.js
@@ -157,7 +157,7 @@ module.exports = async (ctx, next) => {
                     switch (engine) {
                         case 'regexp':
                             return new RegExp(string, 'i');
-                        case 're':
+                        case 're2':
                             return new RE2(string, 'i');
                         default:
                             throw Error(`Invalid Engine Value: ${engine}, please check your config.`);
@@ -166,7 +166,7 @@ module.exports = async (ctx, next) => {
                     switch (engine) {
                         case 'regexp':
                             return new RegExp(string);
-                        case 're':
+                        case 're2':
                             return new RE2(string);
                         default:
                             throw Error(`Invalid Engine Value: ${engine}, please check your config.`);

diff --git a/test/middleware/filter-engine.js b/test/middleware/filter-engine.js
@@ -0,0 +1,47 @@
+const supertest = require('supertest');
+jest.mock('request-promise-native');
+jest.setTimeout(50000);
+
+afterAll(() => {
+    delete process.env.FILTER_REGEX_ENGINE;
+});
+
+afterEach(() => {
+    delete process.env.FILTER_REGEX_ENGINE;
+    jest.resetModules();
+});
+
+describe('filter-engine', () => {
+    it(`filter RE2 engine ReDoS attack`, async () => {
+        const server = require('../../lib/index');
+        const request = supertest(server);
+
+        const response = await request.get('/test/1?filter=abc(%3F%3Ddef)');
+        expect(response.status).toBe(404);
+        expect(response.text).toMatch(/SyntaxError/);
+        server.close();
+    });
+
+    it(`filter Regexp engine backward compatibility`, async () => {
+        process.env.FILTER_REGEX_ENGINE = 'regexp';
+
+        const server = require('../../lib/index');
+        const request = supertest(server);
+
+        const response = await request.get('/test/1?filter=abc(%3F%3Ddef)');
+        expect(response.status).toBe(200);
+        server.close();
+    });
+
+    it(`filter Regexp engine test config`, async () => {
+        process.env.FILTER_REGEX_ENGINE = 'somethingelse';
+
+        const server = require('../../lib/index');
+        const request = supertest(server);
+
+        const response = await request.get('/test/1?filter=abc(%3F%3Ddef)');
+        expect(response.status).toBe(404);
+        expect(response.text).toMatch(/somethingelse/);
+        server.close();
+    });
+});