pm2 icon indicating copy to clipboard operation
pm2 copied to clipboard
verified publisher icon Unitech

fix:ReDoS fix about pull/5971 and issues/6031

Open mmmsssttt404 opened this issue 3 months ago • 2 comments

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #1234, #5678
License MIT
Doc PR https://github.com/Unitech/pm2/pull/5971

https://github.com/Unitech/pm2/pull/5971 https://github.com/Unitech/pm2/issues/6031 Sorry for the impact on you, this was caused by an extra space,We modified it and made it more consistent with the original regex Regex Change to

(?<![\w\-])([\w\-]+\="[^"]*")|(?<![\w\-])([\w\-]+\='[^']*')|"([^"]*)"|'([^']*)'|\s
1b8321137c2c6303224ee6b97099ba6 036d78f59b83eb3281ef4ab69deb65b 58ea4378766d19c0cd53dd71c67dc32

https://github.com/mmmsssttt404/pm2/blob/1e0e96c5257041bc19b1fd796ea455c4085bec6e/lib/tools/Config.js#L203-L205 屏幕截图 2025-09-03 104716

{7637AE83-E457-4994-86FB-52BF0403BEAA}

I'm deeply sorry for the errors I introduced in the code changes. My original intention was to fix Redos, but it caused a bug. In the future, I will be more cautious and fully verify before making any changes.

mmmsssttt404 avatar Sep 03 '25 03:09 mmmsssttt404

{4EEAE694-A32F-490A-A4CB-58A593931609} {7EB0BDB3-467E-4913-907B-DD1FF1575869}

mmmsssttt404 avatar Sep 03 '25 03:09 mmmsssttt404

{08F62FE6-BFC8-43D9-84C9-E90FBFB7E1C1} I add one test in https://github.com/mmmsssttt404/pm2/blob/master/test/programmatic/json_validation.mocha.js to test https://github.com/Unitech/pm2/issues/6031 this problem

mmmsssttt404 avatar Sep 03 '25 03:09 mmmsssttt404