akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Suppress false-positive CodeQL ReDoS alerts on placeholder-stripping regex

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
fuomag9
2026-04-10 14:52:28 +02:00
parent 6c30533014
commit dc121700fd
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/lib/models/proxy-hosts.ts
View File

@@ -368,7 +368,7 @@ function sanitizeAuthentikMeta(meta: ProxyHostAuthentikMeta | undefined): ProxyH
const authEndpoint = normalizeMetaValue(meta.auth_endpoint ?? null); const authEndpoint = normalizeMetaValue(meta.auth_endpoint ?? null);
if (authEndpoint) { if (authEndpoint) {
normalized.auth_endpoint = authEndpoint.replace(/\{[^}]*\}/g, ""); normalized.auth_endpoint = authEndpoint.replace(/\{[^}]*\}/g, ""); // codeql[js/polynomial-redos] false positive: [^}]* is linear, no backtracking ambiguity
} }
if (Array.isArray(meta.copy_headers)) { if (Array.isArray(meta.copy_headers)) {
@@ -570,7 +570,7 @@ function sanitizeCpmForwardAuthMeta(meta: CpmForwardAuthMeta | undefined): CpmFo
normalized.enabled = Boolean(meta.enabled); normalized.enabled = Boolean(meta.enabled);
} }
if (Array.isArray(meta.protected_paths)) { if (Array.isArray(meta.protected_paths)) {
const paths = meta.protected_paths.map((p) => p?.trim().replace(/\{[^}]*\}/g, "")).filter((p): p is string => Boolean(p)); const paths = meta.protected_paths.map((p) => p?.trim().replace(/\{[^}]*\}/g, "")).filter((p): p is string => Boolean(p)); // codeql[js/polynomial-redos] false positive: [^}]* is linear, no backtracking ambiguity
if (paths.length > 0) { if (paths.length > 0) {
normalized.protected_paths = paths; normalized.protected_paths = paths;
} }
@@ -661,6 +661,7 @@ function sanitizeRedirectRules(value: unknown): RedirectRule[] {
typeof item.to === "string" && item.to.trim() && typeof item.to === "string" && item.to.trim() &&
[301, 302, 307, 308].includes(item.status) [301, 302, 307, 308].includes(item.status)
) { ) {
// codeql[js/polynomial-redos] false positive: [^}]* is linear, no backtracking ambiguity
valid.push({ from: item.from.trim().replace(/\{[^}]*\}/g, ""), to: item.to.trim().replace(/\{[^}]*\}/g, ""), status: item.status }); valid.push({ from: item.from.trim().replace(/\{[^}]*\}/g, ""), to: item.to.trim().replace(/\{[^}]*\}/g, ""), status: item.status });
} }
} }