
Commit c9247f5

authored
fix code scanning alerts (#669)
* fix alerts * fix alerts * fix alerts * fix alerts * add tests and simplify Glob * fix import to lowercase file * removed debugging code
1 parent fc5b693 commit c9247f5


4 files changed

+101
-6
lines changed


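--- a/lib/glob.js
+++ b/lib/glob.js
@@ -1,8 +1,24 @@
 class Glob {
 constructor (glob) {
 this.glob = glob
-const regexptex = glob.replace(/\//g, '\\/').replace(/\?/g, '([^\\/])').replace(/\./g, '\\.').replace(/\*/g, '([^\\/]*)')
-this.regexp = new RegExp(`^${regexptex}$`, 'u')
+
+// If not a glob pattern then just match the string.
+if (!this.glob.includes('*')) {
+this.regexp = new RegExp(`.*${this.glob}.*`, 'u')
+return
+}
+this.regexptText = this.globize(this.glob)
+this.regexp = new RegExp(`^${this.regexptText}$`, 'u')
+}
+
+globize (glob) {
+return glob
+.replace(/\\/g, '\\\\') // escape backslashes
+.replace(/\//g, '\\/') // escape forward slashes
+.replace(/\./g, '\\.') // escape periods
+.replace(/\?/g, '([^\\/])') // match any single character except /
+.replace(/\*\*/g, '.+') // match any character except /, including /
+.replace(/\*/g, '([^\\/]*)') // match any character except /
 }
 
 toString () {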
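Review bot: The new non-glob branch (`if (!this.glob.includes('*'))`) interpolates the raw pattern into the RegExp source, so `.`, `+`, `(`, `[` and `?` in a pattern are read as regex syntax instead of literally: `a.b` also matches `axb`, an unbalanced `(` or `[` makes the constructor throw a SyntaxError rather than produce a matcher, and because the guard only looks for `*`, a pattern such as `file?.txt` never reaches `globize` and its `?` becomes a quantifier. Escaping the literal before wrapping it avoids all three cases: `const literal = this.glob.replace(/[.*+?^${}()|[\]\\/]/g, '\\$&')`, then pass `literal` instead of `this.glob` into the RegExp, and widen the guard to `if (!/[*?]/.test(this.glob)) {` if `?` is meant to stay a glob wildcard. The surrounding `.*` on both sides add nothing to an unanchored match, but `toString()` begins at the edge of this hunk and its body is not visible, so whether callers depend on the exact source text cannot be judged here.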

package-lock.json

Lines changed: 2 additions & 2 deletions

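--- a/package.json
+++ b/package.json
@@ -27,15 +27,16 @@
 "deepmerge": "^4.3.1",
 "eta": "^3.0.3",
 "js-yaml": "^4.1.0",
+"lodash": "^4.17.21",
 "node-cron": "^3.0.2",
 "octokit": "^3.1.2",
 "probot": "^12.3.3"
 },
 "devDependencies": {
+"@eslint/eslintrc": "^2.0.2",
 "@travi/any": "^2.1.8",
 "check-engine": "^1.10.1",
 "eslint": "^8.46.0",
-"@eslint/eslintrc": "^2.0.2",
 "eslint-config-standard": "^17.1.0",
 "eslint-plugin-import": "^2.29.1",
 "eslint-plugin-node": "^11.1.0",
@@ -83,4 +84,4 @@
 "."
 ]
 }
-}
+}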

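--- a/test/unit/lib/glob.test.ts
+++ b/test/unit/lib/glob.test.ts
@@ -0,0 +1,78 @@
+const Glob = require('../../../lib/glob')
+
+describe('glob test', function () {
+
+test('Test Glob **', () => {
+let pattern = new Glob('**/xss')
+let str = 'test/web/xss'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = 'test/web/xsssss'
+expect(str.search(pattern)>=0).toBeFalsy()
+
+pattern = new Glob('**/*.txt')
+str = 'sub/3.txt'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = '/sub1/sub2/sub3/3.txt'
+expect(str.search(pattern)>=0).toBeTruthy()
+
+pattern = new Glob('**/csrf-protection-disabled')
+str = 'java/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = '/java/test/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+})
+
+test('Test Glob *', () => {
+let str = 'web/xss'
+let pattern = new Glob('*/xss')
+expect(str.search(pattern)>=0).toBeTruthy()
+
+pattern = new Glob('./[0-9].*')
+str = './1.gif'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = './2.gif'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = './2.'
+expect(str.search(pattern)>=0).toBeTruthy()
+
+pattern = new Glob('*/csrf-protection-disabled')
+str = 'java/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = 'rb/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+
+pattern = new Glob('*/hardcoded-credential*')
+str = 'java/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'rb/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'cs/hardcoded-credentials'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = 'java/hardcoded-credential-api-call'
+expect(str.search(pattern)>=0).toBeTruthy()
+
+})
+
+test('Test Glob no *', () => {
+let pattern = new Glob('csrf-protection-disabled')
+let str = 'java/hardcoded-credential-api-call'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'cs/test/hardcoded-credentials'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'rb/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = 'java/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+
+pattern = new Glob('csrf')
+str = 'java/hardcoded-credential-api-call'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'cs/test/hardcoded-credentials'
+expect(str.search(pattern)>=0).toBeFalsy()
+str = 'rb/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+str = 'java/csrf-protection-disabled'
+expect(str.search(pattern)>=0).toBeTruthy()
+})
+
+})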
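Review bot: Every assertion passes the Glob instance itself to `str.search(pattern)`, which for a non-RegExp argument appears to build a fresh RegExp from the object's string form (the `toString()` body is not in this diff) without the `'u'` flag, so the `regexp` property the constructor actually assembles is never exercised by these tests. Asserting against that property directly, `expect(pattern.regexp.test(str)).toBe(true)`, checks the object the way a caller receives it and removes the dependency on implicit coercion. The `Test Glob no *` cases also use only letters and hyphens, so the branch where the constructor skips `globize` has no coverage for a literal containing a regex metacharacter; adding a case such as `new Glob('a.b')` against `'axb'` (constructed example) would pin down whether `.` is meant to match literally there.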
