Snyk js braces 6838727 (#40)

* Remove maxSymbols from README * Revert "Merge pull request #37 from coderaiser/fix/vulnerability" This reverts commit a5851e5, reversing changes made to 98414f9. * Lower defaultLength to 10000
micromatch · May 21, 2024 · 415d660 · 415d660 · moeje2024 · Jul 24, 2024
1 parent 190510f
commit 415d660
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 79 deletions.
diff --git a/.verb.md b/.verb.md
@@ -167,7 +167,7 @@ console.log(braces.expand('a{b}c'));
 
 **Type**: `Number`
 
-**Default**: `65,536`
+**Default**: `10,000`
 
 **Description**: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
 

diff --git a/README.md b/README.md
@@ -178,26 +178,14 @@ console.log(braces.expand('a{b}c'));
 
 **Type**: `Number`
 
-**Default**: `65,536`
+**Default**: `10,000`
 
 **Description**: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
 
 ```js
 console.log(braces('a/{b,c}/d', { maxLength: 3 })); //=> throws an error
 ```
 
-### options.maxSymbols
-
-**Type**: `Number`
-
-**Default**: `1024`
-
-**Description**: Limit the count of unique symbols the input string.
-
-```js
-console.log(braces('a/{b,c}/d', { maxSymbols: 2 })); //=> throws an error
-```
-
 ### options.expand
 
 **Type**: `Boolean`

diff --git a/lib/constants.js b/lib/constants.js
@@ -1,8 +1,7 @@
 'use strict';
 
 module.exports = {
-  MAX_LENGTH: 1024 * 64,
-  MAX_SYMBOLS: 1024,
+  MAX_LENGTH: 10000,
 
   // Digits
   CHAR_0: '0', /* 0 */

diff --git a/lib/parse.js b/lib/parse.js
@@ -1,15 +1,13 @@
 'use strict';
 
 const stringify = require('./stringify');
-const {isCorrectBraces, validateInput} = require('./validate-input');
 
 /**
  * Constants
  */
 
 const {
   MAX_LENGTH,
-  MAX_SYMBOLS,
   CHAR_BACKSLASH, /* \ */
   CHAR_BACKTICK, /* ` */
   CHAR_COMMA, /* , */
@@ -36,11 +34,6 @@ const parse = (input, options = {}) => {
   }
 
   let opts = options || {};
-
-  validateInput(input, {
-    maxSymbols: opts.maxSymbols || MAX_SYMBOLS,
-  });
-
   let max = typeof opts.maxLength === 'number' ? Math.min(MAX_LENGTH, opts.maxLength) : MAX_LENGTH;
   if (input.length > max) {
     throw new SyntaxError(`Input length (${input.length}), exceeds max characters (${max})`);
@@ -311,43 +304,30 @@ const parse = (input, options = {}) => {
     push({ type: 'text', value });
   }
 
-  flattenBlocks(stack)
-  markImbalancedBraces(ast);
-  push({ type: 'eos' });
-
-  return ast;
-};
-
-module.exports = parse;
-
-function markImbalancedBraces({nodes}) {
   // Mark imbalanced braces and brackets as invalid
-  for (const node of nodes) {
-    if (!node.nodes && !node.invalid) {
-      if (node.type === 'open') node.isOpen = true;
-      if (node.type === 'close') node.isClose = true;
-      if (!node.nodes) node.type = 'text';
-
-      node.invalid = true;
-    }
-
-    delete node.parent;
-    delete node.prev;
-  }
-}
-
-function flattenBlocks(stack) {
-  let block;
   do {
     block = stack.pop();
 
-    if (block.type === 'root')
-      continue;
+    if (block.type !== 'root') {
+      block.nodes.forEach(node => {
+        if (!node.nodes) {
+          if (node.type === 'open') node.isOpen = true;
+          if (node.type === 'close') node.isClose = true;
+          if (!node.nodes) node.type = 'text';
+          node.invalid = true;
+        }
+      });
 
-    // get the location of the block on parent.nodes (block's siblings)
-    let parent = stack.at(-1);
-    let index = parent.nodes.indexOf(block);
-    // replace the (invalid) block with its nodes
-    parent.nodes.splice(index, 1, ...block.nodes);
+      // get the location of the block on parent.nodes (block's siblings)
+      let parent = stack[stack.length - 1];
+      let index = parent.nodes.indexOf(block);
+      // replace the (invalid) block with it's nodes
+      parent.nodes.splice(index, 1, ...block.nodes);
+    }
   } while (stack.length > 0);
-}
+
+  push({ type: 'eos' });
+  return ast;
+};
+
+module.exports = parse;
diff --git a/lib/validate-input.js b/lib/validate-input.js
diff --git a/test/braces.parse.js b/test/braces.parse.js
@@ -10,16 +10,6 @@ describe('braces.parse()', () => {
       let MAX_LENGTH = 1024 * 64;
       assert.throws(() => parse('.'.repeat(MAX_LENGTH + 2)));
     });
-    it('should throw an error when symbols exceeds max symbols count default', () => {
-      let SYMBOLS= 1024;
-      assert.throws(() => parse('.'.repeat(MAX_SYMBOLS * 2)));
-    });
-    it('should throw an error when symbols exceeds max symbols count ', () => {
-      let SYMBOLS= 2;
-      assert.throws(() => parse('...', {
-        maxSymbols: 2,
-      }));
-    });
   });
 
   describe('valid', () => {