From 689d9309f73371f4681191b125ec3f2e14075eeb Mon Sep 17 00:00:00 2001
From: Zola Gonano
Date: Tue, 11 Jul 2023 18:54:03 +0000
Subject: [PATCH] Fix ReDos Varnurablity in codemirror library
---
 UiFileManager/media/codemirror/all.js | 7 ++++++-
 UiFileManager/media/codemirror/mode/javascript.js | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/UiFileManager/media/codemirror/all.js b/UiFileManager/media/codemirror/all.js
index ef2a423..d6033f7 100644
--- a/UiFileManager/media/codemirror/all.js
+++ b/UiFileManager/media/codemirror/all.js
@@ -17366,7 +17366,12 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
 var kw = keywords[word]
 return ret(kw.type, kw.style, word)
 }
- if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+
+ // vulnerable code: https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ // if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+
+ // Fix: https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+ if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
 return ret("async", "keyword", word)
 }
 return ret("variable", "variable", word)
diff --git a/UiFileManager/media/codemirror/mode/javascript.js b/UiFileManager/media/codemirror/mode/javascript.js
index 9c751d2..6f64dda 100644
--- a/UiFileManager/media/codemirror/mode/javascript.js
+++ b/UiFileManager/media/codemirror/mode/javascript.js
@@ -126,7 +126,11 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
 var kw = keywords[word]
 return ret(kw.type, kw.style, word)
 }
- if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+ // vulnerable code: https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ //if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+
+ // Fix: https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+ if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
 return ret("async", "keyword", word)
 }
 return ret("variable", "variable", word)
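Review bot: The commented-out vulnerable line (`//if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))`) should be dropped here and in the matching `all.js` hunk, because dead code that still holds the old pattern is easy to re-enable by mistake and may keep tripping pattern-based scans for the advisory. A single comment is enough, for example `// Backport of upstream CodeMirror ReDoS fix (SNYK-JS-CODEMIRROR-1016937): a block-comment body may not contain "*/"`. Because this is a hand edit to a vendored copy, dependency scanners that key on the bundled version will presumably still report the library as affected, and any other upstream fixes remain missing; updating the vendored CodeMirror to a release that contains this change would be the more durable fix. The enclosing tokenizer function starts and ends outside the hunk.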