fix: secure email regex against ReDoS vulnerability

- Replace vulnerable regex with bounded quantifiers
- Add email length check (max 254 chars per RFC 5321)
- Fixes SonarQube security hotspot S5852

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
soufiane 2025-12-04 15:39:27 +01:00
parent e480c7ee1e
commit 17a9dc7b22


@ -328,9 +328,9 @@ export const checkEmail = asyncHandler(async (req, res, next) => {
return next(new AppError('Email requis', 400)); return next(new AppError('Email requis', 400));
} }
// Validation format email // Validation format email (regex sécurisée contre ReDoS avec limite de longueur)
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; const isValidEmail = email.length <= 254 && /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/.test(email);
if (!emailRegex.test(email)) { if (!isValidEmail) {
return res.json({ return res.json({
success: true, success: true,
isValid: false, isValid: false,