github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 02:51:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden regex compilation for filters and redaction

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-23 23:54:46 +00:00
parent e6484cb65f
commit a2dfe9879f
8 changed files with 238 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/security/safe-regex.test.ts Normal file
View File

@@ -0,0 +1,26 @@
import { describe, expect, it } from "vitest";
import { compileSafeRegex, hasNestedRepetition } from "./safe-regex.js";
describe("safe regex", () => {
it("flags nested repetition patterns", () => {
expect(hasNestedRepetition("(a+)+$")).toBe(true);
expect(hasNestedRepetition("^(?:foo|bar)$")).toBe(false);
});
it("rejects unsafe nested repetition during compile", () => {
expect(compileSafeRegex("(a+)+$")).toBeNull();
});
it("compiles common safe filter regex", () => {
const re = compileSafeRegex("^agent:.*:discord:");
expect(re).toBeInstanceOf(RegExp);
expect(re?.test("agent:main:discord:channel:123")).toBe(true);
expect(re?.test("agent:main:telegram:channel:123")).toBe(false);
});
it("supports explicit flags", () => {
const re = compileSafeRegex("token=([A-Za-z0-9]+)", "gi");
expect(re).toBeInstanceOf(RegExp);
expect("TOKEN=abcd1234".replace(re as RegExp, "***")).toBe("***");
});
});