versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-22 08:15:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: prevent ReDoS in extractMeta regex by anchoring to splice boundary

Browse Source 
Co-Authored-By: deepseek-v4-pro <deepseek-ai@claude-code-best.win>
This commit is contained in:
claude-code-best
2026-06-14 17:57:52 +08:00
parent dfa70f6e7d
commit d2d4cb67d2
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/workflow-engine/src/engine/script.ts
View File

@@ -86,10 +86,9 @@ export function extractMeta(source: string): {
const meta = validateMeta(metaObj) const meta = validateMeta(metaObj)
// Strip the meta statement (including trailing semicolon and extra blank lines) // Strip the meta statement (including trailing semicolon and extra blank lines)
const body = (source.slice(0, match.index) + source.slice(i)).replace( const body =
/[ \t]*;[ \t]*\n/, source.slice(0, match.index) +
'\n', source.slice(i).replace(/^[ \t]*;[ \t]*\n/, '\n')
)
return { meta, body } return { meta, body }
} }