From 7e72775422b9d360b1c1b7cb15822bd845c7a10c Mon Sep 17 00:00:00 2001 From: Yadhav Jayaraman <57544838+decyjphr@users.noreply.github.com> Date: Tue, 8 Apr 2025 10:45:03 -0400 Subject: [PATCH 1/4] cleaned up Glob and fixed a bug in sub org pattern detection --- lib/glob.js | 64 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 14 deletions(-) diff --git a/lib/glob.js b/lib/glob.js index 78a0eaaf3..05dc9add1 100644 --- a/lib/glob.js +++ b/lib/glob.js @@ -2,23 +2,47 @@ class Glob { constructor (glob) { this.glob = glob - // If not a glob pattern then just match the string. - if (!this.glob.includes('*')) { - this.regexp = new RegExp(`.*${this.glob}.*`, 'u') + // For patterns without any wildcards, match them anywhere in the string + const hasWildcards = glob.includes('*') || glob.includes('?') + + const hasNothingToEscape = escapeRegExp(glob) === glob + + if (hasNothingToEscape) { + this.regexp = new RegExp(`\\b${glob}\\b`, 'u') return } - this.regexptText = this.globize(this.glob) - this.regexp = new RegExp(`^${this.regexptText}$`, 'u') - } - globize (glob) { - return glob - .replace(/\\/g, '\\\\') // escape backslashes - .replace(/\//g, '\\/') // escape forward slashes - .replace(/\./g, '\\.') // escape periods - .replace(/\?/g, '([^\\/])') // match any single character except / - .replace(/\*\*/g, '.+') // match any character except /, including / - .replace(/\*/g, '([^\\/]*)') // match any character except / + if (!hasWildcards) { + // Simple case: no wildcards, just do a simple substring match + this.regexp = new RegExp(escapeRegExp(glob), 'u') + return + } + + // Handle wildcard patterns + let pattern + + if (glob.includes('**')) { + // Handle ** which can match across directory boundaries + pattern = glob + .replace(/\*\*/g, '__GLOBSTAR__') + .replace(/\./g, '\\.') + .replace(/\//g, '\\/') + .replace(/\?/g, '.') + .replace(/\*/g, '[^\\/]*') + .replace(/__GLOBSTAR__/g, '.*') + } else { + // Handle patterns with * but not ** + pattern = glob + .replace(/\./g, '\\.') + .replace(/\//g, '\\/') + .replace(/\?/g, '.') + .replace(/\*/g, '[^\\/]*') + } + + // Handle character classes + pattern = pattern.replace(/\\\[([^\]]+)\\\]/g, '[$1]') + + this.regexp = new RegExp(`^${pattern}$`, 'u') } toString () { @@ -26,10 +50,16 @@ class Glob { } [Symbol.search] (s) { + console.log('regex patttern is ', this.regexp) + console.log('string to search is ', s) + console.log('string search result is ', s.search(this.regexp)) return s.search(this.regexp) } [Symbol.match] (s) { + console.log('regex patttern is ', this.regexp) + console.log('string to match is ', s) + console.log('string match result is ', s.match(this.regexp)) return s.match(this.regexp) } @@ -41,4 +71,10 @@ class Glob { return s.replaceAll(this.regexp, replacement) } } + +// Helper function to escape regular expression special chars +function escapeRegExp (string) { + return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') +} + module.exports = Glob From c6ce8aaa41630936ee54dc16169039f8d2ab71ca Mon Sep 17 00:00:00 2001 From: Yadhav Jayaraman <57544838+decyjphr@users.noreply.github.com> Date: Tue, 8 Apr 2025 10:50:29 -0400 Subject: [PATCH 2/4] Potential fix for code scanning alert no. 68: Incomplete string escaping or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- lib/glob.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/glob.js b/lib/glob.js index 05dc9add1..7040b730b 100644 --- a/lib/glob.js +++ b/lib/glob.js @@ -24,6 +24,7 @@ class Glob { if (glob.includes('**')) { // Handle ** which can match across directory boundaries pattern = glob + .replace(/\\/g, '\\\\') .replace(/\*\*/g, '__GLOBSTAR__') .replace(/\./g, '\\.') .replace(/\//g, '\\/') @@ -33,6 +34,7 @@ class Glob { } else { // Handle patterns with * but not ** pattern = glob + .replace(/\\/g, '\\\\') .replace(/\./g, '\\.') .replace(/\//g, '\\/') .replace(/\?/g, '.') From a70438c1546f1b59da83cafe9a07f9b78d893655 Mon Sep 17 00:00:00 2001 From: Yadhav Jayaraman <57544838+decyjphr@users.noreply.github.com> Date: Tue, 8 Apr 2025 10:56:14 -0400 Subject: [PATCH 3/4] reset to old code that --- lib/glob.js | 66 ++++++++++++----------------------------------------- 1 file changed, 14 insertions(+), 52 deletions(-) diff --git a/lib/glob.js b/lib/glob.js index 7040b730b..78a0eaaf3 100644 --- a/lib/glob.js +++ b/lib/glob.js @@ -2,49 +2,23 @@ class Glob { constructor (glob) { this.glob = glob - // For patterns without any wildcards, match them anywhere in the string - const hasWildcards = glob.includes('*') || glob.includes('?') - - const hasNothingToEscape = escapeRegExp(glob) === glob - - if (hasNothingToEscape) { - this.regexp = new RegExp(`\\b${glob}\\b`, 'u') + // If not a glob pattern then just match the string. + if (!this.glob.includes('*')) { + this.regexp = new RegExp(`.*${this.glob}.*`, 'u') return } + this.regexptText = this.globize(this.glob) + this.regexp = new RegExp(`^${this.regexptText}$`, 'u') + } - if (!hasWildcards) { - // Simple case: no wildcards, just do a simple substring match - this.regexp = new RegExp(escapeRegExp(glob), 'u') - return - } - - // Handle wildcard patterns - let pattern - - if (glob.includes('**')) { - // Handle ** which can match across directory boundaries - pattern = glob - .replace(/\\/g, '\\\\') - .replace(/\*\*/g, '__GLOBSTAR__') - .replace(/\./g, '\\.') - .replace(/\//g, '\\/') - .replace(/\?/g, '.') - .replace(/\*/g, '[^\\/]*') - .replace(/__GLOBSTAR__/g, '.*') - } else { - // Handle patterns with * but not ** - pattern = glob - .replace(/\\/g, '\\\\') - .replace(/\./g, '\\.') - .replace(/\//g, '\\/') - .replace(/\?/g, '.') - .replace(/\*/g, '[^\\/]*') - } - - // Handle character classes - pattern = pattern.replace(/\\\[([^\]]+)\\\]/g, '[$1]') - - this.regexp = new RegExp(`^${pattern}$`, 'u') + globize (glob) { + return glob + .replace(/\\/g, '\\\\') // escape backslashes + .replace(/\//g, '\\/') // escape forward slashes + .replace(/\./g, '\\.') // escape periods + .replace(/\?/g, '([^\\/])') // match any single character except / + .replace(/\*\*/g, '.+') // match any character except /, including / + .replace(/\*/g, '([^\\/]*)') // match any character except / } toString () { @@ -52,16 +26,10 @@ class Glob { } [Symbol.search] (s) { - console.log('regex patttern is ', this.regexp) - console.log('string to search is ', s) - console.log('string search result is ', s.search(this.regexp)) return s.search(this.regexp) } [Symbol.match] (s) { - console.log('regex patttern is ', this.regexp) - console.log('string to match is ', s) - console.log('string match result is ', s.match(this.regexp)) return s.match(this.regexp) } @@ -73,10 +41,4 @@ class Glob { return s.replaceAll(this.regexp, replacement) } } - -// Helper function to escape regular expression special chars -function escapeRegExp (string) { - return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') -} - module.exports = Glob From 1c89e5d42143d0b39da35cb2a1bb753ac8a755fc Mon Sep 17 00:00:00 2001 From: Yadhav Jayaraman <57544838+decyjphr@users.noreply.github.com> Date: Tue, 8 Apr 2025 11:03:36 -0400 Subject: [PATCH 4/4] cleaned up Glob and fixed a bug in sub org pattern detection --- lib/glob.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/glob.js b/lib/glob.js index 78a0eaaf3..c8f98243d 100644 --- a/lib/glob.js +++ b/lib/glob.js @@ -4,7 +4,7 @@ class Glob { // If not a glob pattern then just match the string. if (!this.glob.includes('*')) { - this.regexp = new RegExp(`.*${this.glob}.*`, 'u') + this.regexp = new RegExp(`\\b${this.glob}\\b`, 'u') return } this.regexptText = this.globize(this.glob)