From d558320874a4bc8d356babf1079e6f0056a59b9e Mon Sep 17 00:00:00 2001
From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com>
Date: Thu, 13 Feb 2025 23:12:31 +0800
Subject: [PATCH] Merge commit from fork
---
 src/index.ts | 2 +-
 test/request-error.test.ts | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/index.ts b/src/index.ts
index 9725588..bbf6198 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -49,7 +49,7 @@ export class RequestError extends Error {
 if (options.request.headers.authorization) {
 requestCopy.headers = Object.assign({}, options.request.headers, {
 authorization: options.request.headers.authorization.replace(
- / .*$/,
+ /(? {
+ test("Test ReDoS - attack string", () => {
+ const startTime = performance.now();
+ const error = new RequestError("Oops", 500, {
+ request: {
+ method: "POST",
+ url: "https://api.github.com/foo",
+ body: {
+ bar: "baz",
+ },
+ headers: {
+ authorization: ""+" ".repeat(100000)+"\n@",
+ },
+ },
+ response: {
+ status: 500,
+ url: "https://api.github.com/foo",
+ headers: {
+ "x-github-request-id": "1:2:3:4",
+ },
+ data: {
+ foo: "bar",
+ },
+ },
+ });
+ const endTime = performance.now();
+ const elapsedTime = endTime - startTime;
+ const reDosThreshold = 2000;
+
+ expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold);
+ if (elapsedTime > reDosThreshold) {
+ console.warn(`🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.`);
+ }
+ });
+
 test("inherits from Error", () => {
 const error = new RequestError("test", 123, mockOptions);
 expect(error).toBeInstanceOf(Error);
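Review bot: The added "Test ReDoS - attack string" test checks only elapsed time and never inspects `error.request.headers.authorization`, so a pattern that became fast by no longer matching credentials at all would still pass. Alongside the timing check, assert the stored header for an ordinary value (a constructed sample such as `"token secret123"`) and confirm the secret part is absent from the copy kept on the error. The `if (elapsedTime > reDosThreshold)` block cannot run when the limit is exceeded, because `expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold)` throws first. Its message also names a `getDuration` method that this test does not call, so the block should be dropped. The fixed `reDosThreshold = 2000` is machine-dependent and deserves a comment saying what it was calibrated against; the enclosing `describe` block starts outside what is shown here.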