Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[core] Fix Regular Expression Denial of Service (ReDoS) vulnerabilities #44627

Merged
merged 18 commits into from
Dec 5, 2024
Merged

[core] Fix Regular Expression Denial of Service (ReDoS) vulnerabilities #44627

merged 18 commits into from
Dec 5, 2024

Conversation

SuperMaxine
Copy link
Contributor

@SuperMaxine SuperMaxine commented Dec 2, 2024
edited by mj12albert
Loading

Fixes #44078

@mui-bot
Copy link

mui-bot commented Dec 2, 2024
edited
Loading

Netlify deploy preview

https://deploy-preview-44627--material-ui.netlify.app/

Bundle size report

No bundle size changes (Toolpad)
No bundle size changes

Generated by 🚫 dangerJS against 7a19036

@SuperMaxine SuperMaxine mentioned this pull request Dec 2, 2024
Closed
@zannager zannager added docs Improvements or additions to the documentation performance labels Dec 2, 2024
@zannager zannager requested a review from mj12albert December 2, 2024 14:00
@mj12albert mj12albert changed the title fix Issue44078 [core] Fix Regular Expression Denial of Service (ReDoS) vulnerabilities Dec 3, 2024
mnajdova
mnajdova reviewed Dec 3, 2024
View reviewed changes
Copy link
Member

@mnajdova mnajdova left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment above the changed regular expressions would be enough, I wouldn't add tests specifically for a DOS attack. We could add a link to a example of how it can be tested.

@SuperMaxine
Copy link
Contributor Author

A comment above the changed regular expressions would be enough, I wouldn't add tests specifically for a DOS attack. We could add a link to a example of how it can be tested.

Modified as described above, removed the tests and added comment descriptions, not sure how you want to add the link? I think the 4 PoCs in issue #44078 are good enough as examples.

PoC_1.zip
PoC_2.zip
PoC_3.zip
PoC_4.zip

mj12albert
mj12albert approved these changes Dec 5, 2024
View reviewed changes
Copy link
Member

@mj12albert mj12albert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SuperMaxine I've also added a link to the issue as a comment as well, thanks again for working on this ~

@mj12albert mj12albert merged commit b56f4dd into mui:master Dec 5, 2024
22 checks passed
@oliviertassinari oliviertassinari removed the docs Improvements or additions to the documentation label Dec 16, 2024
@oliviertassinari oliviertassinari added core Infrastructure work going on behind the scenes scope: docs-infra Specific to the docs-infra product and removed performance labels Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mnajdova mnajdova mnajdova left review comments

@oliviertassinari oliviertassinari oliviertassinari left review comments

@mj12albert mj12albert mj12albert approved these changes

Assignees
No one assigned
Labels
core Infrastructure work going on behind the scenes scope: docs-infra Specific to the docs-infra product
Projects
None yet
Milestone
No milestone
6 participants
@SuperMaxine @mui-bot @oliviertassinari @mnajdova @mj12albert @zannager