chore: try to fix CodeQL failure "Polynomial regular expression"

Fix 1:
\d\.?\d* can backtrack catastrophically
\d(\.\d*)? is safer

Fix 2:
Useless parentheses around "enc:"

Fix 3:
The httpTester regex was misleading. It did not really check for "http".
Simplified to show its true meaning. The behaviour should not have changed.

Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com>
Martin d'Allens 2023-10-11 16:37:02 +02:00
parent 0d6cf4907c
commit 0c59e28c43

@ -22,8 +22,8 @@ import { getFontsPbf, getTileUrls, fixTileJSONCenter } from './utils.js';
const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
const PATH_PATTERN =
/^((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))/;
const httpTester = /^(http(s)?:)?\/\//;
/^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|(-?\d+(\.\d*)?,-?\d+(\.\d*)?\|)+(-?\d+(\.\d*)?,-?\d+(\.\d*)?)*)/;
const httpTester = /^\/\//;
const mercator = new SphericalMercator();
const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
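
Review bot: The new `httpTester` (`/^\/\//`) is not equivalent to the old `/^(http(s)?:)?\/\//`. The old pattern accepted `http://...` and `https://...` as well as protocol-relative `//...`, while the new one accepts only inputs that start with `//`, so any caller relying on it to recognise absolute http(s) URLs will now take the other branch. If only protocol-relative URLs are meant to pass, please rename the constant and say so in the commit message; otherwise keep the optional scheme, written as `/^(https?:)?\/\//`. Separately, in the new `PATH_PATTERN` the final coordinate group changed from required, `(pair)`, to `(pair)*`. Because the pattern has no `$` anchor, a path such as `1,2|` with a trailing pipe and no closing pair now matches where it previously did not. That goes beyond the backtracking fix described as Fix 1, so either drop the trailing `*` or add a test covering the newly accepted inputs.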