Skip to content

Commit

Permalink
Security Fix
Browse files Browse the repository at this point in the history
Patch for CVE-2020-7598
  • Loading branch information
evanplaice committed Mar 24, 2020
1 parent aa60321 commit 1818ef6
Show file tree
Hide file tree
Showing 4 changed files with 125 additions and 109 deletions.
13 changes: 8 additions & 5 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ function parse (csv, options, reviver = v => v) {
ctx.col = 1;
ctx.row = 1;

const lexer = RegExp(/"|,|\r\n|\n|\r|[^",\r\n]+/y);
const lexer = new RegExp(/"|,|\r\n|\n|\r|[^",\r\n]+/y);
const isNewline = new RegExp(/^(\r\n|\n|\r)$/);

let matches = [];
let match = '';
Expand All @@ -39,7 +40,7 @@ function parse (csv, options, reviver = v => v) {
state = 0;
valueEnd(ctx);
break;
case /^(\r\n|\n|\r)$/.test(match):
case isNewline.test(match):
state = 0;
valueEnd(ctx);
entryEnd(ctx);
Expand All @@ -56,7 +57,7 @@ function parse (csv, options, reviver = v => v) {
state = 0;
valueEnd(ctx);
break;
case /^(\r\n|\n|\r)$/.test(match):
case isNewline.test(match):
state = 0;
valueEnd(ctx);
entryEnd(ctx);
Expand Down Expand Up @@ -87,7 +88,7 @@ function parse (csv, options, reviver = v => v) {
state = 0;
valueEnd(ctx);
break;
case /^(\r\n|\n|\r)$/.test(match):
case isNewline.test(match):
state = 0;
valueEnd(ctx);
entryEnd(ctx);
Expand Down Expand Up @@ -126,11 +127,13 @@ function entryEnd (ctx) {

/** @private */
function inferType (value) {
const isNumber = new RegExp(/.\./);

switch (true) {
case value === 'true':
case value === 'false':
return value === 'true';
case /.\./.test(value):
case isNumber.test(value):
return parseFloat(value);
case isFinite(value):
return parseInt(value);
Expand Down
2 changes: 1 addition & 1 deletion index.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 1818ef6

Please sign in to comment.