fix: change regex to avoid redos attacks

joolfe · Nov 6, 2022 · 8bda41f · 8bda41f
1 parent b222ce4
commit 8bda41f
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -46,7 +46,8 @@ async function postmanToOpenApi (input, output, {
       const { path, query, protocol, host, port, valid, pathVars } = scrapeURL(url)
       if (valid) {
         // Remove from name the possible operation id between brackets
-        const summary = name.replace(/ \[(.*?)\]/gi, '')
+        // eslint-disable-next-line no-useless-escape
+        const summary = name.replace(/ \[([^\[\]]*)\]/gi, '')
         domains.add(calculateDomains(protocol, host, port))
         const joinedPath = calculatePath(path, pathDepth)
         if (!paths[joinedPath]) paths[joinedPath] = {}
@@ -630,7 +631,8 @@ function calculateOperationId (mode, name, summary) {
       operationId = camelCase(summary)
       break
     case 'brackets': {
-      const matches = name.match(/\[([^()]*)\]/)
+      // eslint-disable-next-line no-useless-escape
+      const matches = name.match(/\[([^\[\]]*)\]/)
       operationId = matches ? matches[1] : undefined
       break
     }