mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-23 19:02:29 +03:00
Reverted "Added custom redirects ReDoS validation" (#20614)
Reverts TryGhost/Ghost#20515 This is being reverted due to the validation being run on boot causing custom redirects to not be loaded
This commit is contained in:
parent
15c1c9a76b
commit
63e64686ef
@ -1,7 +1,6 @@
|
||||
const _ = require('lodash');
|
||||
const tpl = require('@tryghost/tpl');
|
||||
const errors = require('@tryghost/errors');
|
||||
const {isSafePattern} = require('redos-detector');
|
||||
|
||||
const messages = {
|
||||
redirectsWrongFormat: 'Incorrect redirects file format.',
|
||||
@ -34,35 +33,18 @@ const validate = (redirects) => {
|
||||
if (!redirect.from || !redirect.to) {
|
||||
throw new errors.ValidationError({
|
||||
message: tpl(messages.redirectsWrongFormat),
|
||||
context: redirect,
|
||||
help: tpl(messages.redirectsHelp)
|
||||
});
|
||||
}
|
||||
|
||||
// Ensure valid regex
|
||||
try {
|
||||
// each 'from' property should be a valid RegExp string
|
||||
new RegExp(redirect.from);
|
||||
} catch (error) {
|
||||
throw new errors.ValidationError({
|
||||
message: tpl(messages.invalidRedirectsFromRegex),
|
||||
errorDetails: {
|
||||
redirect,
|
||||
invalid: true
|
||||
},
|
||||
help: tpl(messages.redirectsHelp)
|
||||
});
|
||||
}
|
||||
|
||||
// Ensure safe regex
|
||||
const analysis = isSafePattern(redirect.from);
|
||||
|
||||
if (analysis.safe === false) {
|
||||
throw new errors.ValidationError({
|
||||
message: tpl(messages.invalidRedirectsFromRegex),
|
||||
errorDetails: {
|
||||
redirect,
|
||||
unsafe: true,
|
||||
reason: analysis.error
|
||||
},
|
||||
context: redirect,
|
||||
help: tpl(messages.redirectsHelp)
|
||||
});
|
||||
}
|
||||
|
@ -219,7 +219,6 @@
|
||||
"node-jose": "2.2.0",
|
||||
"path-match": "1.2.4",
|
||||
"probe-image-size": "7.2.3",
|
||||
"redos-detector": "5.1.0",
|
||||
"rss": "1.2.2",
|
||||
"sanitize-html": "2.13.0",
|
||||
"semver": "7.6.2",
|
||||
|
@ -39,26 +39,6 @@ describe('UNIT: custom redirects validation', function () {
|
||||
should.fail('should have thrown');
|
||||
} catch (err) {
|
||||
err.message.should.equal('Incorrect RegEx in redirects file.');
|
||||
err.errorDetails.redirect.should.equal(config[0]);
|
||||
err.errorDetails.invalid.should.be.true();
|
||||
}
|
||||
});
|
||||
|
||||
it('throws for an invalid redirects config having unsafe RegExp in from field', function () {
|
||||
const config = [{
|
||||
permanent: true,
|
||||
from: '^\/episodes\/([a-z0-9-]+)+\/$', // Unsafe due to the surplus + at the end causing infinite backtracking
|
||||
to: '/'
|
||||
}];
|
||||
|
||||
try {
|
||||
validate(config);
|
||||
should.fail('should have thrown');
|
||||
} catch (err) {
|
||||
err.message.should.equal('Incorrect RegEx in redirects file.');
|
||||
err.errorDetails.redirect.should.equal(config[0]);
|
||||
err.errorDetails.unsafe.should.be.true();
|
||||
err.errorDetails.reason.should.equal('hitMaxBacktracks');
|
||||
}
|
||||
});
|
||||
|
||||
|
14
yarn.lock
14
yarn.lock
@ -27648,13 +27648,6 @@ redis-parser@^3.0.0:
|
||||
dependencies:
|
||||
redis-errors "^1.0.0"
|
||||
|
||||
redos-detector@5.1.0:
|
||||
version "5.1.0"
|
||||
resolved "https://registry.yarnpkg.com/redos-detector/-/redos-detector-5.1.0.tgz#67660c896a48490e80b35557f876a529680f0f8d"
|
||||
integrity sha512-08en/ij0//HwKZdKlelRZGQKmQhmKMQPVJPD+1THfYm64mZhLPOG0NBa47+DrOF53DyaRsCFyD7JHJaYITnt9g==
|
||||
dependencies:
|
||||
regjsparser "0.10.0"
|
||||
|
||||
reflect-metadata@0.1.14:
|
||||
version "0.1.14"
|
||||
resolved "https://registry.yarnpkg.com/reflect-metadata/-/reflect-metadata-0.1.14.tgz#24cf721fe60677146bb77eeb0e1f9dece3d65859"
|
||||
@ -27776,13 +27769,6 @@ regjsgen@^0.2.0:
|
||||
resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.2.0.tgz#6c016adeac554f75823fe37ac05b92d5a4edb1f7"
|
||||
integrity sha512-x+Y3yA24uF68m5GA+tBjbGYo64xXVJpbToBaWCoSNSc1hdk6dfctaRWrNFTVJZIIhL5GxW8zwjoixbnifnK59g==
|
||||
|
||||
regjsparser@0.10.0:
|
||||
version "0.10.0"
|
||||
resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.10.0.tgz#b1ed26051736b436f22fdec1c8f72635f9f44892"
|
||||
integrity sha512-qx+xQGZVsy55CH0a1hiVwHmqjLryfh7wQyF5HO07XJ9f7dQMY/gPQHhlyDkIzJKC+x2fUCpCcUODUUUFrm7SHA==
|
||||
dependencies:
|
||||
jsesc "~0.5.0"
|
||||
|
||||
regjsparser@^0.1.4:
|
||||
version "0.1.5"
|
||||
resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.1.5.tgz#7ee8f84dc6fa792d3fd0ae228d24bd949ead205c"
|
||||
|
Loading…
Reference in New Issue
Block a user