avoid potential RegExp denial-of-service (#5135)

closes #5133
closes #5134

diff --git a/lib/compress.js b/lib/compress.js
index 1cd6c77..a66e72c 100644 (file)
--- a/lib/compress.js
+++ b/lib/compress.js
@@ -11336,7 +11336,7 @@ merge(Compressor.prototype, {
 
     function decode_template(str) {
         var malformed = false;
-        str = str.replace(/\\(u\{[^}]*\}?|u[\s\S]{0,4}|x[\s\S]{0,2}|[0-9]+|[\s\S])/g, function(match, seq) {
+        str = str.replace(/\\(u\{[^{}]*\}?|u[\s\S]{0,4}|x[\s\S]{0,2}|[0-9]+|[\s\S])/g, function(match, seq) {
             var ch = decode_escape_sequence(seq);
             if (typeof ch == "string") return ch;
             malformed = true;

diff --git a/lib/utils.js b/lib/utils.js
index 28c8b43..69c2dcd 100644 (file)
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -143,7 +143,7 @@ function push_uniq(array, el) {
 }
 
 function string_template(text, props) {
-    return text.replace(/\{([^}]+)\}/g, function(str, p) {
+    return text.replace(/\{([^{}]+)\}/g, function(str, p) {
         var value = props[p];
         return value instanceof AST_Node ? value.print_to_string() : value;
     });

diff --git a/test/sandbox.js b/test/sandbox.js
index c0e9e09..84d7b07 100644 (file)
--- a/test/sandbox.js
+++ b/test/sandbox.js
@@ -28,7 +28,7 @@ exports.run_code = semver.satisfies(process.version, "0.8") ? function(code, top
     if ([
         /\basync[ \t]*\([\s\S]*?\)[ \t]*=>/,
         /\b(async[ \t]+function|Promise|setImmediate|setInterval|setTimeout)\b/,
-        /\basync([ \t]+|[ \t]*#|[ \t]*\*[ \t]*)[^\s()[\]{},.&|!~=*%/+-]+(\s*\(|[ \t]*=>)/,
+        /\basync([ \t]+|[ \t]*#|[ \t]*\*[ \t]*)[^\s()[\]{}#,.&|!~=*%/+-]+(\s*\(|[ \t]*=>)/,
     ].some(function(pattern) {
         return pattern.test(code);
     })) {
@@ -51,13 +51,13 @@ exports.same_stdout = semver.satisfies(process.version, "0.12") ? function(expec
 };
 exports.patch_module_statements = function(code) {
     var count = 0, imports = [];
-    code = code.replace(/\bexport(?:\s*\{[^}]*}\s*?(?:$|\n|;)|\s+default\b(?:\s*(\(|\{|class\s*\{|class\s+(?=extends\b)|(?:async\s+)?function\s*(?:\*\s*)?\())?|\b)/g, function(match, header) {
+    code = code.replace(/\bexport(?:\s*\{[^{}]*}\s*?(?:$|\n|;)|\s+default\b(?:\s*(\(|\{|class\s*\{|class\s+(?=extends\b)|(?:async\s+)?function\s*(?:\*\s*)?\())?|\b)/g, function(match, header) {
         if (!header) return "";
         if (header.length == 1) return "0, " + header;
         return header.slice(0, -1) + " _" + ++count + header.slice(-1);
     }).replace(/\bimport\.meta\b/g, function() {
         return '({ url: "https://example.com/path/index.html" })';
-    }).replace(/\bimport\b(?:\s*([^('"]+)\bfrom\b)?\s*(['"]).*?\2(?:$|\n|;)/g, function(match, symbols) {
+    }).replace(/\bimport\b(?:\s*([^\s('"][^('"]*)\bfrom\b)?\s*(['"]).*?\2(?:$|\n|;)/g, function(match, symbols) {
         if (symbols) {
             if (!/^[{*]/.test(symbols)) symbols = "default:" + symbols;
             symbols = symbols.replace(/[{}]/g, "").trim().replace(/\s*,\s*/g, ",");

diff --git a/test/ufuzz/index.js b/test/ufuzz/index.js
index b10367e..c27b82a 100644 (file)
--- a/test/ufuzz/index.js
+++ b/test/ufuzz/index.js
@@ -2350,7 +2350,7 @@ function patch_try_catch(orig, toplevel) {
         tries: [],
     } ];
     var tail_throw = '\nif (typeof UFUZZ_ERROR == "object") throw UFUZZ_ERROR;\n';
-    var re = /(?:(?:^|[\s{}):;])try|}\s*catch\s*\(([^)[{]+)\)|}\s*finally)\s*(?={)/g;
+    var re = /(?:(?:^|[\s{}):;])try|}\s*catch\s*\(([^()[{]+)\)|}\s*finally)\s*(?={)/g;
     while (stack.length) {
         var code = stack[0].code;
         var offset = stack[0].offset;