Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add backtrack protection to 6.x #324

Merged
merged 3 commits into from
Sep 12, 2024
Merged

Add backtrack protection to 6.x #324

merged 3 commits into from
Sep 12, 2024

Conversation

blakeembrey
Copy link
Member

@blakeembrey blakeembrey commented Sep 12, 2024
edited
Loading

Closes #323. It will likely break some existing routes around the edge cases, but it should eliminate the vulnerability when the pattern isn't specified.

@blakeembrey blakeembrey changed the base branch from master to 6.x September 12, 2024 00:27
@blakeembrey blakeembrey force-pushed the be/6.x-backtrack-protection branch from bf0365b to b891ab9 Compare September 12, 2024 00:28
@codecov Codecov
Copy link

codecov bot commented Sep 12, 2024

Codecov Report

Attention: Patch coverage is 41.66667% with 28 lines in your changes missing coverage. Please review.

Project coverage is 95.61%. Comparing base (28a5b27) to head (a1cfa60).

Files with missing lines Patch % Lines
redos.ts 0.00% 20 Missing and 1 partial ⚠️
src/index.ts 74.07% 7 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##               6.x     #324      +/-   ##
===========================================
- Coverage   100.00%   95.61%   -4.39%     
===========================================
  Files            1        2       +1     
  Lines          621      662      +41     
  Branches       140      145       +5     
===========================================
+ Hits           621      633      +12     
- Misses           0       28      +28     
- Partials         0        1       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@blakeembrey blakeembrey merged commit f1253b4 into 6.x Sep 12, 2024
4 checks passed
@blakeembrey blakeembrey deleted the be/6.x-backtrack-protection branch September 12, 2024 01:08
@iambumblehead iambumblehead mentioned this pull request Sep 12, 2024
Closed
@jusemon jusemon mentioned this pull request Sep 12, 2024
Closed
@MaikoTan MaikoTan mentioned this pull request Sep 12, 2024
Closed
@alenovik alenovik mentioned this pull request Sep 12, 2024
Merged
@svozza svozza mentioned this pull request Sep 12, 2024
Closed
4 tasks
@s100 s100 mentioned this pull request Sep 12, 2024
Closed
@DaniFoldi DaniFoldi mentioned this pull request Sep 12, 2024
Merged
12 tasks
@mabaasit mabaasit mentioned this pull request Sep 12, 2024
Merged
11 tasks
@brc-dd brc-dd mentioned this pull request Oct 9, 2024
Closed
@parseplatformorg parseplatformorg mentioned this pull request Nov 9, 2024
Closed
@pfdgithub pfdgithub mentioned this pull request Dec 9, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

apply backtrack protection to version 6.x because of @koa/router
1 participant
@blakeembrey