
Avoid ReDOS on table paste #89

Merged
merged 1 commit into from
Aug 10, 2023

Conversation

theinterned
Contributor

@theinterned theinterned commented Aug 4, 2023

Resolves https://github.com/github/primer/issues/2532

This came in from a support escalation: it is possible to create a ReDOS crash on paste of a table with (fairly contrived) clipboard contents. Thanks @P0cas for reporting this!

The crash is due to a Catastrophic Backtracking regex in the table plugin, which is triggered by the following clipboard contents:

example.oncopy = e => {
  e.preventDefault()
  // 99999 unclosed "<table" openers followed by a table that is never closed
  const badTable = '<table'.repeat(99999) + '<div><table></div>'
  // hand the constructed HTML to the clipboard so a later paste hits the table plugin
  e.clipboardData.setData('text/html', badTable)
}

While the problem is contrived, the fix is fairly simple: rather than use a regex to insert the formatted table, we can just splice it in directly.

using regex to try to select the content of the table was leading to runaway catastrophic backtracking.

the simple solution is to just do string substring selection and insertion on the start and end tag
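As an added illustration of the approach described in the PR description and commit message above (this is example code, not the paste-markdown project's own implementation, and `spliceTableRegex`, `spliceTable` and the regex pattern used are assumptions chosen to show the contrast), the following contrasts a regex-driven replacement with a splice that only uses `indexOf` and `slice` on the opening and closing tag. The regex version, on an input that has no closing tag, has to rescan the remainder of the string from every candidate `<table` start, so its cost grows superlinearly with input length; the index-based version does a single forward scan for each tag and simply refuses to touch input whose closing tag is missing.

```javascript
// Hypothetical regex-based replacement of the kind that is risky on untrusted
// clipboard HTML: `[\s\S]*?` is retried from each of the many "<table" starts
// when no "</table>" exists, so pathological input costs roughly O(n^2).
// Kept here for comparison only; do not run it on the crafted input.
function spliceTableRegex(html, formatted) {
  const match = /<table[\s\S]*?<\/table>/.exec(html)
  if (!match) return null
  return html.replace(match[0], formatted)
}

// Index-based splice: locate the first "<table" and the first "</table>"
// after it, then rebuild the string around the formatted replacement.
// Every step is a plain linear scan, so the crafted 600k-character input
// from the report is rejected in one pass instead of hanging the page.
function spliceTable(html, formatted) {
  const openTag = '<table'
  const closeTag = '</table>'
  const start = html.indexOf(openTag)
  if (start === -1) return null            // no table at all: leave the paste alone
  const end = html.indexOf(closeTag, start)
  if (end === -1) return null              // unclosed table: refuse rather than guess
  return html.slice(0, start) + formatted + html.slice(end + closeTag.length)
}

// Constructed sample inputs: a well-formed table and the crafted clipboard
// contents from the bug report.
const goodHtml = '<p>a</p><table><tr><td>1</td></tr></table><p>b</p>'
const badHtml = '<table'.repeat(99999) + '<div><table></div>'

// Usage: both helpers agree on ordinary input; only spliceTable is safe on badHtml.
console.log(spliceTable(goodHtml, '| 1 |'))
console.log(spliceTableRegex(goodHtml, '| 1 |'))
console.log(spliceTable(badHtml, '| 1 |'))
```

Returning `null` for an unclosed table is the conservative choice: the caller can fall back to the browser's default paste behaviour instead of attempting a conversion on input it cannot delimit.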
@theinterned theinterned force-pushed the ns/avoid-redos-on-table-paste branch from b288579 to 6d83312 Compare August 4, 2023 22:19
@theinterned theinterned marked this pull request as ready for review August 4, 2023 22:20
@theinterned theinterned requested a review from a team as a code owner August 4, 2023 22:20
@primer-css

👋 Hello and thanks for pinging us! This issue or PR has been added to our inbox and a Primer first responder will review it soon.

  • 🎨 If this is a PR that includes a visual change, please make sure to add screenshots in the description or deploy this code to a lab machine with instructions for how to test.
  • If this is a PR that includes changes to an interaction, please include a video recording in the description.
  • ⚠️ If this is urgent, please visit us in #primer on Slack and tag the first responders listed in the channel topic.

@joshblack joshblack left a comment

Thanks for fixing this! 🙌

@P0cas

P0cas commented Aug 8, 2023

thanks 😊

@joshblack joshblack merged commit 6657ec6 into github:main Aug 10, 2023
1 check passed
4 participants