Snyk js braces 6838727 (#40)

* Remove maxSymbols from README * Revert "Merge pull request #37 from coderaiser/fix/vulnerability" This reverts commit a5851e5, reversing changes made to 98414f9. * Lower defaultLength to 10000
micromatch · May 21, 2024 · 415d660 · 415d660
1 parent 190510f
commit 415d660
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 79 deletions.
diff --git a/.verb.md b/.verb.md
@@ -167,7 +167,7 @@ console.log(braces.expand('a{b}c'));
 
 **Type**: `Number`
 
-**Default**: `65,536`
+**Default**: `10,000`
 
 **Description**: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
 

diff --git a/README.md b/README.md
@@ -178,26 +178,14 @@ console.log(braces.expand('a{b}c'));
 
 **Type**: `Number`
 
-**Default**: `65,536`
+**Default**: `10,000`
 
 **Description**: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
 
 ```js
 console.log(braces('a/{b,c}/d', { maxLength: 3 })); //=> throws an error
 ```
 
-### options.maxSymbols
-
-**Type**: `Number`
-
-**Default**: `1024`
-
-**Description**: Limit the count of unique symbols the input string.
-
-```js
-console.log(braces('a/{b,c}/d', { maxSymbols: 2 })); //=> throws an error
-```
-
 ### options.expand
 
 **Type**: `Boolean`

diff --git a/lib/constants.js b/lib/constants.js
@@ -1,8 +1,7 @@
 'use strict';
 
 module.exports = {
- MAX_LENGTH: 1024 * 64,
- MAX_SYMBOLS: 1024,
+ MAX_LENGTH: 10000,
 
  // Digits
  CHAR_0: '0', /* 0 */

diff --git a/lib/parse.js b/lib/parse.js
@@ -1,15 +1,13 @@
 'use strict';
 
 const stringify = require('./stringify');
-const {isCorrectBraces, validateInput} = require('./validate-input');
 
 /**
  * Constants
  */
 
 const {
  MAX_LENGTH,
- MAX_SYMBOLS,
  CHAR_BACKSLASH, /* \ */
  CHAR_BACKTICK, /* ` */
  CHAR_COMMA, /* , */
@@ -36,11 +34,6 @@ const parse = (input, options = {}) => {
  }
 
  let opts = options || {};
-
- validateInput(input, {
- maxSymbols: opts.maxSymbols || MAX_SYMBOLS,
- });
-
  let max = typeof opts.maxLength === 'number' ? Math.min(MAX_LENGTH, opts.maxLength) : MAX_LENGTH;
  if (input.length > max) {
  throw new SyntaxError(`Input length (${input.length}), exceeds max characters (${max})`);
@@ -311,43 +304,30 @@ const parse = (input, options = {}) => {
  push({ type: 'text', value });
  }
 
- flattenBlocks(stack)
- markImbalancedBraces(ast);
- push({ type: 'eos' });
-
- return ast;
-};
-
-module.exports = parse;
-
-function markImbalancedBraces({nodes}) {
  // Mark imbalanced braces and brackets as invalid
- for (const node of nodes) {
- if (!node.nodes && !node.invalid) {
- if (node.type === 'open') node.isOpen = true;
- if (node.type === 'close') node.isClose = true;
- if (!node.nodes) node.type = 'text';
-
- node.invalid = true;
- }
-
- delete node.parent;
- delete node.prev;
- }
-}
-
-function flattenBlocks(stack) {
- let block;
  do {
  block = stack.pop();
 
- if (block.type === 'root')
- continue;
+ if (block.type !== 'root') {
+ block.nodes.forEach(node => {
+ if (!node.nodes) {
+ if (node.type === 'open') node.isOpen = true;
+ if (node.type === 'close') node.isClose = true;
+ if (!node.nodes) node.type = 'text';
+ node.invalid = true;
+ }
+ });
 
- // get the location of the block on parent.nodes (block's siblings)
- let parent = stack.at(-1);
- let index = parent.nodes.indexOf(block);
- // replace the (invalid) block with its nodes
- parent.nodes.splice(index, 1, ...block.nodes);
+ // get the location of the block on parent.nodes (block's siblings)
+ let parent = stack[stack.length - 1];
+ let index = parent.nodes.indexOf(block);
+ // replace the (invalid) block with it's nodes
+ parent.nodes.splice(index, 1, ...block.nodes);
+ }
  } while (stack.length > 0);
-}
+
+ push({ type: 'eos' });
+ return ast;
+};
+
+module.exports = parse;
diff --git a/lib/validate-input.js b/lib/validate-input.js
diff --git a/test/braces.parse.js b/test/braces.parse.js
@@ -10,16 +10,6 @@ describe('braces.parse()', () => {
  let MAX_LENGTH = 1024 * 64;
  assert.throws(() => parse('.'.repeat(MAX_LENGTH + 2)));
  });
- it('should throw an error when symbols exceeds max symbols count default', () => {
- let SYMBOLS= 1024;
- assert.throws(() => parse('.'.repeat(MAX_SYMBOLS * 2)));
- });
- it('should throw an error when symbols exceeds max symbols count ', () => {
- let SYMBOLS= 2;
- assert.throws(() => parse('...', {
- maxSymbols: 2,
- }));
- });
  });
 
  describe('valid', () => {