Open
Description
PHP Version
7.4
CodeIgniter4 Version
4.1.1
CodeIgniter4 Installation Method
Manual (zip or tar.gz)
Which operating systems have you tested for this bug?
Windows, Linux
Which server did you use?
apache
Database
No response
What happened?
I was scanning my project with the data analysis tool SonarCloud, and it highlighted system/Debug/Toolbar/Views/toolbar.js
ln631: "The regex used here is vulnerable to super-linear runtime due to backtracking. It can lead to denial of service."
ln631
var patt = /\((?:[^)(]+|\((?:[^)(]+|\([^)(]*\))*\))*\)/;
// recommended solution
Steps to Reproduce
system/Debug/Toolbar/Views/toolbar.js
ln615
Expected Output
ln631
var patt = /\((?:[^)(]+|\((?:[^)(]+|\([^)(]*\))*\))*\)/;
// recommended solution
var patt = /\((?>(?:[^)(]+|\((?>(?:[^)(]+|\([^)(]*\))*+)\))*+)\)/;
Anything else?
I am not sure how to test whether the regex will actually prevent backtracking or not. Supposedly the prior inputs are sanitized to prevent backtracking, but it would still be good practice to have a secure regex, I would imagine.
I will have a PR with the change, but I am not sure how to prove that it works.
Edit: line where the regex is found.
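The following is an added example, not part of the issue and not CodeIgniter's code, showing one way to answer the "how do I prove it" question above: time the pattern against an adversarial input (an opening parenthesis followed by n non-parenthesis characters and no closer) and watch how the runtime grows with n. It also checks whether each candidate pattern compiles at all, because atomic groups `(?>...)` and possessive quantifiers `*+` are not part of ECMAScript regex syntax, so the pattern quoted as the recommended solution is rejected by `new RegExp` in Node and browsers. The third pattern, `UNAMBIGUOUS`, is my own suggestion and an assumption: it replaces `[^)(]+` inside the repeated groups with `[^)(]` so that each loop iteration consumes exactly one character or one balanced group, which matches the same strings as the original but removes the nested-quantifier ambiguity that causes the exponential backtracking. The `SAMPLES` inputs are constructed for this example.

```javascript
// Added example (not CodeIgniter's code): measuring regex backtracking and
// checking whether a proposed replacement is valid ECMAScript syntax.

// The pattern from toolbar.js as quoted in the issue.
const ORIGINAL = String.raw`\((?:[^)(]+|\((?:[^)(]+|\([^)(]*\))*\))*\)`;

// The "recommended solution" from the issue: atomic groups and possessive
// quantifiers, which ECMAScript regexes do not support.
const RECOMMENDED = String.raw`\((?>(?:[^)(]+|\((?>(?:[^)(]+|\([^)(]*\))*+)\))*+)\)`;

// Assumed equivalent (my suggestion, not from the issue): [^)(]+ inside the
// loops becomes [^)(], so every iteration consumes exactly one character or
// one balanced group and there is only one way to partition the input.
const UNAMBIGUOUS = String.raw`\((?:[^)(]|\((?:[^)(]|\([^)(]*\))*\))*\)`;

// true if the pattern compiles as an ECMAScript RegExp, false on SyntaxError.
function compiles(source) {
  try {
    new RegExp(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Adversarial input: one opening paren, n non-paren chars, no closing paren,
// so the final \) always fails and the engine must backtrack through every
// way of splitting the n chars between loop iterations.
function adversarialInput(n) {
  return '(' + 'a'.repeat(n);
}

// Milliseconds for a single .test() on adversarialInput(n).
function timeMatch(source, n) {
  const re = new RegExp(source); // no /g flag, so no lastIndex state
  const input = adversarialInput(n);
  const t0 = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Runtime ratio between n and n + step. A linear pattern stays close to
// (n + step) / n; an exponential one grows by roughly 2^step.
function growthRatio(source, n, step) {
  const a = timeMatch(source, n);
  const b = timeMatch(source, n + step);
  return b / Math.max(a, 1e-3);
}

// Both patterns must accept/reject the same samples and, when they match,
// return the same matched substring.
function sameDecision(patternA, patternB, samples) {
  const a = new RegExp(patternA);
  const b = new RegExp(patternB);
  return samples.every((s) => {
    const ma = a.exec(s);
    const mb = b.exec(s);
    return (ma === null) === (mb === null) && (ma === null || ma[0] === mb[0]);
  });
}

// Constructed sample inputs for the equivalence check.
const SAMPLES = ['(a)', '(a(b)c)', '(a(b(c)d)e)', 'f(x, (y))', '(a(b(c(d))))', '(', 'abc', '()'];

console.log('original compiles:   ', compiles(ORIGINAL));
console.log('recommended compiles:', compiles(RECOMMENDED)); // false in Node and browsers
console.log('unambiguous compiles:', compiles(UNAMBIGUOUS));
console.log('same decisions:      ', sameDecision(ORIGINAL, UNAMBIGUOUS, SAMPLES));
// Keep n small for the original: its cost roughly doubles per extra character.
console.log('original    n=16 -> 20, ratio ~', growthRatio(ORIGINAL, 16, 4).toFixed(1));
console.log('unambiguous n=1000 -> 2000, ratio ~', growthRatio(UNAMBIGUOUS, 1000, 1000).toFixed(1));

module.exports = { ORIGINAL, RECOMMENDED, UNAMBIGUOUS, SAMPLES, compiles, adversarialInput, timeMatch, growthRatio, sameDecision };
```

Run it with `node` and compare the two ratios: for the original pattern, adding four characters multiplies the runtime by roughly sixteen, which is the super-linear behaviour SonarCloud is warning about, while the single-character-per-iteration variant stays roughly proportional to input length. Any replacement proposed in a PR can be fed through the same three checks (compiles, same decisions on a corpus of real inputs, flat growth ratio) before claiming it is safe.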