mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-19 23:48:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix DoS in CSV parser (#1467)

Browse source 
* Fix DoS in CSV parser

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth 2021-08-31 22:23:18 +02:00 committed by GitHub
parent 553e9f8ead
commit 90ae3c1f76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/components/markdown-renderer/replace-components/csv/csv-parser.ts
View file

@ -4,11 +4,27 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
/**
* Parses a given text as comma separated values (CSV).
*
* @param csvText The raw csv text
* @param csvColumnDelimiter The delimiter for the columns
* @return the values splitted by rows and columns
*/
export const parseCsv = (csvText: string, csvColumnDelimiter: string): string[][] => {
const rows = csvText.split('\n')
if (!rows || rows.length === 0) {
return []
}
const splitRegex = new RegExp(`${csvColumnDelimiter}(?=(?:[^"]*"[^"]*")*[^"]*$)`)
const splitRegex = new RegExp(`${escapeRegexCharacters(csvColumnDelimiter)}(?=(?:[^"]*"[^"]*")*[^"]*$)`)
return rows.filter((row) => row !== '').map((row) => row.split(splitRegex))
}
/**
* Escapes regex characters in the given string so it can be used as literal string in another regex.
* @param unsafe The unescaped string
* @return The escaped string
*/
const escapeRegexCharacters = (unsafe: string): string => {
return unsafe.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
}