chore: try to fix CodeQL failure "Polynomial regular expression"

Fix 1: \d\.?\d* can backtrack catastrophically \d(\.\d*)? is safer Fix 2: Useless parenthesis around "enc:" Fix 3: The httpTester regex was misleading. It did not really check for "http". Simplified to show its true meaning. The behaviour should not have changed. Signed-off-by: Martin d'Allens <[email protected]>
maptiler · Oct 11, 2023 · 3d55982 · 3d55982
1 parent 5b24379
commit 3d55982
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/serve_rendered.js b/src/serve_rendered.js
@@ -23,8 +23,8 @@ import translateLayers from './translate_layers.js';
 
 const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
 const PATH_PATTERN =
-  /^((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))/;
-const httpTester = /^(http(s)?:)?\/\//;
+  /^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|(-?\d+(\.\d*)?,-?\d+(\.\d*)?\|)+(-?\d+(\.\d*)?,-?\d+(\.\d*)?)*)/;
+const httpTester = /^\/\//;
 
 const mercator = new SphericalMercator();
 const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;