From 0c59e28c431a7ef9e684a9913f18a462235723f5 Mon Sep 17 00:00:00 2001 From: Martin d'Allens Date: Wed, 11 Oct 2023 16:37:02 +0200 Subject: [PATCH] chore: try to fix CodeQL failure "Polynomial regular expression" Fix 1: \d\.?\d* can backtrack catastrophically \d(\.\d*)? is safer Fix 2: Useless parenthesis around "enc:" Fix 3: The httpTester regex was misleading. It did not really check for "http". Simplified to show its true meaning. The behaviour should not have changed. Signed-off-by: Martin d'Allens
---
 src/serve_rendered.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/serve_rendered.js b/src/serve_rendered.js
index 9b70ddd..e7a0b5f 100644
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@@ -22,8 +22,8 @@ import { getFontsPbf, getTileUrls, fixTileJSONCenter } from './utils.js';
 const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
 const PATH_PATTERN =
- /^((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))/;
-const httpTester = /^(http(s)?:)?\/\//;
+ /^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|(-?\d+(\.\d*)?,-?\d+(\.\d*)?\|)+(-?\d+(\.\d*)?,-?\d+(\.\d*)?)*)/;
+const httpTester = /^\/\//;
 const mercator = new SphericalMercator();
 const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
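Review bot: Both rewritten patterns accept a different set of strings than the ones they replace, although the description says the behaviour should not have changed. The old `httpTester` matched `http://`, `https://` and `//` prefixes, while `/^\/\//` matches only `//`; its call sites are outside this hunk, but if it decides whether a value is handled as a remote URL or as a local path, absolute URLs now take the other branch, and `const httpTester = /^(?:https?:)?\/\//;` would keep the old set without overlapping quantifiers. In `PATH_PATTERN` the final coordinate group gained a `*`, so a single pair followed by `|` now passes where two pairs used to be required; ending the pattern with `(-?\d+(\.\d*)?,-?\d+(\.\d*)?))/` restores that requirement. The context line `FLOAT_PATTERN` still has the `\d+.?\d+` shape, with an unescaped `.`, that this commit removes from `PATH_PATTERN`, so it is worth the same rewrite and a regression test with a long digit run.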