[core] Fix Regular Expression Denial of Service (ReDoS) vulnerabiliti…

…es (mui#44627) Co-authored-by: Albert Yu <albert@albertyu.co>
samuelsycamore · Dec 5, 2024 · b56f4dd · b56f4dd
1 parent 9057a52
commit b56f4dd
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/docs/src/modules/components/Demo.js b/docs/src/modules/components/Demo.js
@@ -473,7 +473,9 @@ export default function Demo(props) {
         `The following demos use TS directly: ${demoOptions.demo}.`,
         '',
         'Please run "pnpm docs:typescript:formatted" to generate a JS version and reference it:',
-        `{{"demo": "${demoOptions.demo.replace(/\.(.*)$/, '.js')}", …}}.`,
+        // This regex intentionally excludes the dot character in the Kleene star to prevent ReDoS
+        // See https://github.com/mui/material-ui/issues/44078
+        `{{"demo": "${demoOptions.demo.replace(/\.([^.]*)$/, '.js')}", …}}.`,
         '',
         "Otherwise, if it's not a code demo hide the toolbar:",
         `{{"demo": "${demoOptions.demo}", "hideToolbar": true, …}}.`,

diff --git a/packages/markdown/parseMarkdown.js b/packages/markdown/parseMarkdown.js
@@ -209,7 +209,11 @@ function getCodeblock(content) {
   if (!content.startsWith('<codeblock')) {
     return undefined;
   }
-  const storageKey = content.match(/^<codeblock [^>]*storageKey=["|'](\S*)["|'].*>/m)?.[1];
+  // The regexes below have a negative lookahead to prevent ReDoS
+  // See https://github.com/mui/material-ui/issues/44078
+  const storageKey = content.match(
+    /^<codeblock (?!<codeblock )[^>]*storageKey=["|'](?!storageKey=["|'])(\S*)["|'].*>/m,
+  )?.[1];
   const blocks = [...content.matchAll(/^```(\S*) (\S*)\n(.*?)\n```/gmsu)].map(
     ([, language, tab, code]) => ({ language, tab, code }),
   );

diff --git a/packages/mui-codemod/src/v5.0.0/root-ref.js b/packages/mui-codemod/src/v5.0.0/root-ref.js
@@ -2,10 +2,12 @@
  * @param {import('jscodeshift').FileInfo} file
  */
 export default function transformer(file) {
+  // The regexes below have a negative lookahead to prevent ReDoS
+  // See https://github.com/mui/material-ui/issues/44078
   return file.source
-    .replace(/\n?import.*core\/RootRef['"];?/gm, '')
+    .replace(/\n?import(?!import).*core\/RootRef['"];?/gm, '')
     .replace(/\n?import {\s?RootRef\s?} from ['"]@material-ui\/core\/?['"];?/gm, '')
     .replace(/({.*)(RootRef,?)(.*})/gm, '$1$3')
-    .replace(/<RootRef.*>/gm, '<>')
+    .replace(/<RootRef(?!<RootRef).*>/gm, '<>')
     .replace(/<\/RootRef>/gm, '</>');
 }