Merge pull request #1851 from kleros/fix/regex-dos

jaybuidl · web-flow · commit ec16bb749fa4 · 2025-01-27T14:32:49.000Z
Fix: regex vulnerable to super-linear runtime due to excessive backtracking
diff --git a/web/src/utils/commify.ts b/web/src/utils/commify.ts
@@ -1,7 +1,7 @@
 export function commify(value: string | number): string {
   const comps = String(value).split(".");
 
-  if (!String(value).match(/^-?[0-9]*\.?[0-9]*$/)) {
+  if (!String(value).match(/^-?\d+(\.\d+)?$/)) {
     return "0";
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`export function commify(value: string \| number): string {`
`2`	`2`	`const comps = String(value).split(".");`
`3`	`3`
`4`		`- if (!String(value).match(/^-?[0-9]\.?[0-9]$/)) {`
	`4`	`+ if (!String(value).match(/^-?\d+(\.\d+)?$/)) {`
`5`	`5`	`return "0";`
`6`	`6`	`}`
`7`	`7`