From eb93bbbd14d3a4953afd2fbe55840c4aad546784 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 21 May 2023 14:54:01 +0000 Subject: [PATCH 1/3] feat: upgrade path-to-regexp from 0.1.7 to 6.2.1 Snyk has created this PR to upgrade path-to-regexp from 0.1.7 to 6.2.1. See this package in npm: https://www.npmjs.com/package/path-to-regexp See this project in Snyk: https://app.snyk.io/org/acinader/project/21343059-02d9-4182-87d7-718a44b181ef?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 26 ++++++++++++++++++-------- package.json | 2 +- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 98435f92dc..18c82441d6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -40,7 +40,7 @@ "mongodb": "4.10.0", "mustache": "4.2.0", "parse": "4.0.1", - "path-to-regexp": "0.1.7", + "path-to-regexp": "^6.2.1", "pg-monitor": "2.0.0", "pg-promise": "11.3.0", "pluralize": "8.0.0", @@ -75,7 +75,7 @@ "all-node-versions": "11.3.0", "apollo-upload-client": "17.0.0", "bcrypt-nodejs": "0.0.3", - "clean-jsdoc-theme": "^4.2.7", + "clean-jsdoc-theme": "4.2.7", "cross-env": "7.0.2", "deep-diff": "1.0.2", "eslint": "8.26.0", @@ -7291,6 +7291,11 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, + "node_modules/express/node_modules/path-to-regexp": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + }, "node_modules/ext": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", 
@@ -16183,9 +16188,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz", + "integrity": "sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw==" }, "node_modules/path-type": { "version": "4.0.0", @@ -26104,6 +26109,11 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "path-to-regexp": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" } } }, @@ -32811,9 +32821,9 @@ "dev": true }, "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz", + "integrity": "sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw==" }, "path-type": { "version": "4.0.0", diff --git a/package.json b/package.json index 8a0338e441..b890e7edf4 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "mongodb": "4.10.0", "mustache": "4.2.0", "parse": "4.0.1", - "path-to-regexp": "0.1.7", + "path-to-regexp": "6.2.1", "pg-monitor": "2.0.0", "pg-promise": "11.3.0", "pluralize": "8.0.0", From 85c164570f2cb40eaeda39e5704ead25429c6d5f Mon Sep 17 00:00:00 2001 
From: dblythy
Date: Mon, 22 May 2023 14:42:14 +1000
Subject: [PATCH 2/3] refactor: Upgrade path-to-regexp from 0.1.7 to 6.2.1
---
 package-lock.json | 2 +-
 spec/RateLimit.spec.js | 2 +-
 src/cloud-code/Parse.Cloud.js | 4 ++--
 src/middlewares.js | 8 ++++++--
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 18c82441d6..cc0976b60e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -40,7 +40,7 @@ "mongodb": "4.10.0", "mustache": "4.2.0", "parse": "4.0.1", - "path-to-regexp": "^6.2.1", + "path-to-regexp": "6.2.1", "pg-monitor": "2.0.0", "pg-promise": "11.3.0", "pluralize": "8.0.0",
diff --git a/spec/RateLimit.spec.js b/spec/RateLimit.spec.js
index 894c8fcf82..3f4b4dd708 100644
--- a/spec/RateLimit.spec.js
+++ b/spec/RateLimit.spec.js
@@ -1,5 +1,5 @@
 const RedisCacheAdapter = require('../lib/Adapters/Cache/RedisCacheAdapter').default;
-describe('rate limit', () => {
+fdescribe('rate limit', () => {
 it('can limit cloud functions', async () => {
 Parse.Cloud.define('test', () => 'Abc');
 await reconfigureServer({
diff --git a/src/cloud-code/Parse.Cloud.js b/src/cloud-code/Parse.Cloud.js
index 5540e8d719..01bf65f42c 100644
--- a/src/cloud-code/Parse.Cloud.js
+++ b/src/cloud-code/Parse.Cloud.js
@@ -82,9 +82,9 @@ const getRoute = parseClass => {
 '@File': 'files',
 }[parseClass] || 'classes';
 if (parseClass === '@File') {
- return `/${route}/:id?*`;
+ return `/${route}/:id?(.*)`;
 }
- return `/${route}/${parseClass}/:id?*`;
+ return `/${route}/${parseClass}/:id?(.*)`;
 };
 /** @namespace
 * @name Parse
diff --git a/src/middlewares.js b/src/middlewares.js
index 2e450f3e03..faaafe542f 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
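Review bot: In the getRoute hunk of src/cloud-code/Parse.Cloud.js the trailing `(.*)` is not separated from the class segment by a slash when `:id` is absent, so the pattern for one class appears to also match a path that merely starts with that class name (a limit for class `Foo` would cover `/classes/FooBar`). The old `:id?*` form likely had the same reach, but since the pattern is being rewritten here it is worth adding a spec case with two classes that share a name prefix to pin the intended scope. I would also add a comment above the returns, `// path-to-regexp 6 has no bare '*' wildcard; '(.*)' is the unnamed catch-all that replaces it`. How the compiled pattern is applied to incoming requests is outside this hunk, so the matching behaviour should be confirmed there.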
@@ -9,7 +9,7 @@ import MongoStorageAdapter from './Adapters/Storage/Mongo/MongoStorageAdapter';
 import PostgresStorageAdapter from './Adapters/Storage/Postgres/PostgresStorageAdapter';
 import rateLimit from 'express-rate-limit';
 import { RateLimitOptions } from './Options/Definitions';
-import pathToRegexp from 'path-to-regexp';
+import { pathToRegexp } from 'path-to-regexp';
 import ipRangeCheck from 'ip-range-check';
 import RedisStore from 'rate-limit-redis';
 import { createClient } from 'redis';
@@ -512,8 +512,12 @@ export const addRateLimit = (route, config, cloud) => {
 },
 });
 }
+ let transformPath = route.requestPath.replaceAll('/*', '/(.*)');
+ if (transformPath === '*') {
+ transformPath = '(.*)';
+ }
 config.rateLimits.push({
- path: pathToRegexp(route.requestPath),
+ path: pathToRegexp(transformPath),
 handler: rateLimit({
 windowMs: route.requestTimeWindow,
 max: route.requestCount,
From ead0a117566a947ebf0af8cc6dca6e4262adf9e0 Mon Sep 17 00:00:00 2001
From: dblythy
Date: Mon, 22 May 2023 14:42:56 +1000
Subject: [PATCH 3/3] Update RateLimit.spec.js
---
 spec/RateLimit.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/RateLimit.spec.js b/spec/RateLimit.spec.js
index 3f4b4dd708..894c8fcf82 100644
--- a/spec/RateLimit.spec.js
+++ b/spec/RateLimit.spec.js
@@ -1,5 +1,5 @@
 const RedisCacheAdapter = require('../lib/Adapters/Cache/RedisCacheAdapter').default;
-fdescribe('rate limit', () => {
+describe('rate limit', () => {
 it('can limit cloud functions', async () => {
 Parse.Cloud.define('test', () => 'Abc');
 await reconfigureServer({
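Review bot: The `replaceAll('/*', '/(.*)')` rewrite in the addRateLimit hunk of src/middlewares.js only covers a `*` that directly follows a slash (plus the lone `*` case), so a configured `requestPath` that uses `*` anywhere else, or characters that path-to-regexp 6 treats as syntax, reaches `pathToRegexp` unchanged and may throw or compile to a different matcher than it did under 0.1.7. For a rate limiter, a pattern that silently stops matching means the route is no longer throttled, so I would validate the path when the limit is registered and add spec cases for each wildcard shape the options documentation allows. `String.prototype.replaceAll` also needs Node 15 or later; if older runtimes are still supported, `let transformPath = route.requestPath.split('/*').join('/(.*)');` is equivalent. A short comment such as `// path-to-regexp 6 has no bare '*' wildcard; translate legacy '/*' paths to '/(.*)'` would explain the rewrite to the next reader. addRateLimit begins and ends outside this hunk.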