
Commit c05ebaa

committed
fix: handle invalid regex in compileConfig, harden CSP
compileConfig now skips invalid regex patterns instead of crashing. Added base-uri 'none' to CSP meta tag to prevent base-href injection. 104 tests passing.
1 parent 115b817 commit c05ebaa

3 files changed

Lines changed: 21 additions & 2 deletions


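--- a/index.html
+++ b/index.html
@@ -4,7 +4,7 @@
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <meta http-equiv="Content-Security-Policy"
-content="default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'">
+content="default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'none'">
 <title>Docker Compose Sanitizer</title>
 <style>
 :root {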
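Review bot: `form-action` is still unset in the policy on the changed `content=` line, and like `base-uri` it does not fall back to `default-src`, so any form on the page could still submit to an arbitrary origin; if the app never posts a form, append `form-action 'none'`. Separately, a policy delivered through a `<meta>` element cannot carry `frame-ancestors` (browsers ignore it there), so framing protection, if wanted, has to come from a response header. The `'unsafe-inline'` in `style-src` predates this commit and remains the loosest part of the policy; it could be dropped once the inline `<style>` block that follows is moved to a file or allowed by hash.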

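--- a/src/config.ts
+++ b/src/config.ts
@@ -42,8 +42,16 @@ export function compileConfig(config: SanitizerConfig): {
 readonly sensitivePatterns: readonly RegExp[]
 readonly safeKeys: ReadonlySet<string>
 } {
+const compiled: RegExp[] = []
+for (const p of config.sensitivePatterns) {
+try {
+compiled.push(new RegExp(p, 'i'))
+} catch {
+// Skip invalid regex patterns — user entered bad syntax in settings
+}
+}
 return {
-sensitivePatterns: config.sensitivePatterns.map(p => new RegExp(p, 'i')),
+sensitivePatterns: compiled,
 safeKeys: new Set(config.safeKeys),
 }
 }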
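Review bot: The empty `catch` in the new loop drops an invalid pattern with no signal, which for a sanitizer fails open: a user who mistypes a pattern meant to redact a secret gets output that still contains it, with no hint why. At minimum record the skip, e.g. `} catch (err) { console.warn('Ignoring invalid sensitive pattern', p, err)`. Preferably also reject or flag the pattern at the point where settings are saved, so the UI can show it; where that happens is not visible in this hunk. compileConfig's signature starts above the hunk.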

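--- a/tests/config.test.ts
+++ b/tests/config.test.ts
@@ -85,6 +85,17 @@ describe('config', () => {
 expect(compiled.safeKeys.has('OTHER')).toBe(false)
 })
 
+it('compileConfig skips invalid regex patterns gracefully', () => {
+const config = {
+sensitivePatterns: ['valid', '[invalid', 'also_valid'],
+safeKeys: ['PUID'],
+}
+const compiled = compileConfig(config)
+expect(compiled.sensitivePatterns).toHaveLength(2)
+expect(compiled.sensitivePatterns[0].source).toBe('valid')
+expect(compiled.sensitivePatterns[1].source).toBe('also_valid')
+})
+
 it('loadConfig rejects non-string array elements in sensitivePatterns', () => {
 localStorage.setItem('compose-sanitizer-config', JSON.stringify({
 sensitivePatterns: ['valid', 123],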
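Review bot: The new test checks `.source` of the surviving patterns but not their flags, so a regression that drops the `'i'` argument in the rewritten loop would still pass; add `expect(compiled.sensitivePatterns[0].flags).toBe('i')`. A second case where every pattern is invalid, expecting an empty array rather than a throw, would pin the edge that matters most for a redaction tool. The enclosing `describe('config', …)` block starts and ends outside the hunk.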
