From 6a3adf73dacaeda073674ac4a10e8a2597e67739 Mon Sep 17 00:00:00 2001 From: Vadim Kibana <82822460+vadimkibana@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:52:05 +0200 Subject: [PATCH] [ES|QL] Harden regular expressions (#193247) ## Summary Partially addresses https://github.com/elastic/kibana-team/issues/1087 - Changes a regex from "polynomial" complexity to "safe". - Removes a regex in favor or plain JS string manipulation. --- packages/kbn-esql-ast/src/antlr_error_listener.ts | 2 +- packages/kbn-text-based-editor/src/helpers.ts | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/packages/kbn-esql-ast/src/antlr_error_listener.ts b/packages/kbn-esql-ast/src/antlr_error_listener.ts index e685dfe3473ba..5bd02b3b74eb9 100644 --- a/packages/kbn-esql-ast/src/antlr_error_listener.ts +++ b/packages/kbn-esql-ast/src/antlr_error_listener.ts @@ -12,7 +12,7 @@ import { ErrorListener } from 'antlr4'; import type { EditorError } from './types'; import { getPosition } from './ast_position_utils'; -const REPLACE_DEV = /,*\s*DEV_\w+\s*/g; +const REPLACE_DEV = /,{0,1}(? { protected errors: EditorError[] = []; diff --git a/packages/kbn-text-based-editor/src/helpers.ts b/packages/kbn-text-based-editor/src/helpers.ts index fb541c4fe39be..0ba6d5004606f 100644 --- a/packages/kbn-text-based-editor/src/helpers.ts +++ b/packages/kbn-text-based-editor/src/helpers.ts 
@@ -77,12 +77,14 @@ export const parseWarning = (warning: string): MonacoMessage[] => {
 startColumn = Number(encodedColumn);
 startLineNumber = Number(encodedLine.replace('Line ', ''));
 }
- // extract the length of the "expression" within the message
- // and try to guess the correct size for the editor marker to highlight
- if (/\[.*\]/.test(warningMessage)) {
- const [_, wordWithError] = warningMessage.split('[');
- if (wordWithError) {
- errorLength = wordWithError.length;
+ const openingSquareBracketIndex = warningMessage.indexOf('[');
+ if (openingSquareBracketIndex !== -1) {
+ const closingSquareBracketIndex = warningMessage.indexOf(
+ ']',
+ openingSquareBracketIndex
+ );
+ if (closingSquareBracketIndex !== -1) {
+ errorLength = warningMessage.length - openingSquareBracketIndex - 1;
 }
 }
 }
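Review bot: `closingSquareBracketIndex` is only compared with -1 and never enters the arithmetic, so `errorLength` still runs from the first `[` to the end of `warningMessage`, closing bracket and trailing text included. If the marker is meant to cover just the bracketed expression, as the removed comment suggested, the assignment would be `errorLength = closingSquareBracketIndex - openingSquareBracketIndex - 1;`; if the longer span is deliberate, a comment should say the closing-bracket lookup is only an existence check. The old `split('[')` also stopped at a second `[`, whereas the new code counts to the end of the string, so a message with more than one bracketed part now yields a different length. The two removed comment lines describing the heuristic are worth keeping above the new block, with a short remark that `indexOf` keeps the scan linear on warning text that presumably originates outside the editor. The body of parseWarning starts and ends outside this hunk.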