matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security Fix: mitigate ReDOS attacks on the chat bot.

Browse Source
This commit is contained in:
John Livingston
2025-06-06 16:37:06 +02:00
parent 98dc729447
commit 0be11fb2ae
9 changed files with 2068 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/lib/configuration/channel/storage.ts
View File

@ -38,7 +38,7 @@ async function getChannelConfigurationOptions (
const content = await fs.promises.readFile(filePath, {
encoding: 'utf-8'
})
const sanitized = await sanitizeChannelConfigurationOptions(options, channelId, JSON.parse(content))
const sanitized = await sanitizeChannelConfigurationOptions(options, channelId, JSON.parse(content), 'read')
return sanitized
}
@ -262,6 +262,7 @@ function _getForbidSpecialCharsHandler (
name: id,
regexp,
modifiers: 'us',
regexp_engine: 'regexp', // FIXME: node-re2 is not compatible with \p{Emoji} and co, so we ensure to use RegExp here
reason: forbidSpecialChars.reason
}
handler.options.rules.push(rule)