fix: unsafe regular expression

src/core/TraceError.ts

@@ -1,5 +1,5 @@
 import { basename, dirname } from 'node:path';
-import { normalizeNumber, normalizePath, normalizeTrack } from '../helpers/index.js';
+import { getAddress, normalizeNumber, normalizePath, normalizeTrack } from '../helpers/index.js';
 import type { TraceOption } from '../shared/index.js';
 import PaletteError from './PaletteError.js';
 
@@ -71,9 +71,9 @@ export default class TraceError extends PaletteError {
         let col: number | undefined;
         let packageName = '[current]';
 
-        const addressMatch = /\(([^)<>]+)\)(?:,\s<anonymous>:\d+:\d+\))?$/.exec(text);
+        const addressMatch = getAddress(text);
         if (addressMatch) {
-            address = addressMatch[1].trim();
+            address = addressMatch.trim();
             name = isEval ? 'eval' : text.slice(0, Math.max(0, text.length - address.length - 2)).trim();
         } else {
             address = text;

src/helpers/get-address.ts

@@ -0,0 +1,25 @@
+function getAddress(text: string) {
+    let index = 0;
+    let start = -1;
+    let end = -1;
+
+    while (index >= 0) {
+        const nextIndex = text.slice(Math.max(0, index)).indexOf('(');
+        index = nextIndex > 0 ? nextIndex + index + 1 : -1;
+
+        if (nextIndex > 0) {
+            start = index;
+        }
+    }
+
+    if (start === -1) return '';
+
+    index = text.slice(Math.max(0, start)).indexOf(')');
+    if (index === -1) return '';
+
+    end = index + start;
+
+    return text.slice(start, end);
+}
+
+export default getAddress;

src/helpers/index.ts

@@ -1,5 +1,5 @@
+export { default as getAddress } from './get-address.js';
 export { default as isBgRgb } from './is-bg-rgb.js';
-export { default as isNil } from './is-nil.js';
 export { default as isRgb } from './is-rgb.js';
 export { default as isString } from './is-string.js';
 export { default as normalizeNumber } from './normalize-number.js';

src/helpers/is-bg-rgb.ts

@@ -1,14 +1,10 @@
+import isRgb from './is-rgb.js';
+
 function isBgRgb(value: string): value is string {
     if (!value.startsWith('bg')) return false;
 
-    const rgbRegular = /^bg\((?:\d{1,3},){2}\d{1,3}\)$/;
-    const numberRegular = /\d{1,3}/g;
-
-    const numberMatch = value.match(numberRegular);
-    const validNumber = Boolean(numberMatch?.every((item) => Number(item) <= 255));
-
-    const validRgb = rgbRegular.test(value.replace(/\s/g, ''));
-    return validNumber && validRgb;
+    const rgbValue = value.slice(2).replace(/\s/g, '');
+    return isRgb(rgbValue);
 }
 
 export default isBgRgb;

src/helpers/is-rgb.ts

@@ -1,12 +1,12 @@
 function isRgb(value: string): value is string {
-    const rgbRegular = /^\((?:\d{1,3},){2}\d{1,3}\)$/;
-    const numberRegular = /\d{1,3}/g;
+    const rgbRegular = /^\(\d{1,3},\d{1,3},\d{1,3}\)$/;
+    const validRgb = rgbRegular.test(value.replace(/\s/g, ''));
+    if (!validRgb) return false;
 
+    const numberRegular = /\d{1,3}/g;
     const numberMatch = value.match(numberRegular);
-    const validNumber = Boolean(numberMatch?.every((item) => Number(item) <= 255));
 
-    const validRgb = rgbRegular.test(value.replace(/\s/g, ''));
-    return validNumber && validRgb;
+    return Boolean(numberMatch?.every((item) => Number(item) <= 255));
 }
 
 export default isRgb;

src/helpers/normalize-rgb.ts

@@ -1,5 +1,6 @@
 function normalizeRgb(color: string, prefix = ''): [number, number, number] {
-    const rgb = color.replace(/[\s()]/g, '').replace(new RegExp(`^${prefix}`), '');
+    const length = color.startsWith(prefix) ? prefix.length : 0;
+    const rgb = color.replace(/[\s()]/g, '').slice(Math.max(0, length));
 
     const [r, g, b] = rgb.split(',').map(Number);
 

test/helpers/get-address.spec.ts

@@ -0,0 +1,45 @@
+import { expect, test } from 'vitest';
+import getAddress from '../../src/helpers/get-address';
+
+test('getAddress - should return empty string for invalid input', () => {
+    const text = '';
+    const result = getAddress(text);
+    const expected = '';
+    expect(result).toBe(expected);
+});
+
+test('getAddress - should return empty string if no parentheses are found', () => {
+    const text = 'This is a test string without parentheses';
+    const result = getAddress(text);
+    const expected = '';
+    expect(result).toBe(expected);
+});
+
+test('getAddress - should return empty string if parentheses are not closed', () => {
+    const text = 'This is a test string with an open parenthesis ( but no closing parenthesis';
+    const result = getAddress(text);
+    const expected = '';
+    expect(result).toBe(expected);
+});
+
+test('getAddress - should return the content within the parentheses', () => {
+    const text = 'This is a test string with (some content) within parentheses';
+    const result = getAddress(text);
+    const expected = 'some content';
+    expect(result).toBe(expected);
+});
+
+test('getAddress - should return the content within the last set of parentheses', () => {
+    const text =
+        'This is a test string with (multiple sets of parentheses) but should return the content within the last one';
+    const result = getAddress(text);
+    const expected = 'multiple sets of parentheses';
+    expect(result).toBe(expected);
+});
+
+test('getAddress - should handle nested parentheses and return the content within the outermost set', () => {
+    const text = 'This is a test string with (nested (parentheses) within parentheses)';
+    const result = getAddress(text);
+    const expected = 'parentheses';
+    expect(result).toBe(expected);
+});