Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d558320

Browse files
guiyi-heguiyi-he
authored
Merge commit from fork
1 parent 5046116 commit d558320

2 files changed

Lines changed: 35 additions & 1 deletion

File tree

src/index.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ export class RequestError extends Error {
4949
if (options.request.headers.authorization) {
5050
requestCopy.headers = Object.assign({}, options.request.headers, {
5151
authorization: options.request.headers.authorization.replace(
52-
/ .*$/,
52+
/(?<! ) .*$/,
5353
" [REDACTED]",
5454
),
5555
});

test/request-error.test.ts

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,40 @@ const mockOptions: RequestErrorOptions = {
1717
};
1818

1919
describe("RequestError", () => {
20+
test("Test ReDoS - attack string", () => {
21+
const startTime = performance.now();
22+
const error = new RequestError("Oops", 500, {
23+
request: {
24+
method: "POST",
25+
url: "https://api.github.com/foo",
26+
body: {
27+
bar: "baz",
28+
},
29+
headers: {
30+
authorization: ""+" ".repeat(100000)+"\n@",
31+
},
32+
},
33+
response: {
34+
status: 500,
35+
url: "https://api.github.com/foo",
36+
headers: {
37+
"x-github-request-id": "1:2:3:4",
38+
},
39+
data: {
40+
foo: "bar",
41+
},
42+
},
43+
});
44+
const endTime = performance.now();
45+
const elapsedTime = endTime - startTime;
46+
const reDosThreshold = 2000;
47+
48+
expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold);
49+
if (elapsedTime > reDosThreshold) {
50+
console.warn(`🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.`);
51+
}
52+
});
53+
2054
test("inherits from Error", () => {
2155
const error = new RequestError("test", 123, mockOptions);
2256
expect(error).toBeInstanceOf(Error);

0 commit comments

Comments
 (0)