Code scanning alerts: Inefficient regular expression

Description

Code scanning alerts · hpcc-systems/HPCC-Platform (github.com)

The issues are in:

esp/files/yui/build/dom/dom.js:1610
esp/files/yui/build/dom/dom-debug.js:1650

Is the yui still being used here?

Conclusion

None

Activity


Gordon Smith February 8, 2022 at 3:37 PM

We are not using those (apart from in legacy nested pages).

Ken Rowland February 4, 2022 at 4:23 PM

 As in , I only see references to minified non-debug versions of these files. You should be able to remove them, but make sure the platform still builds config manager and it loads properly. I'd still archive them just in case we ever had to rebuild the minified versions (although I don't even know what build tools would do that at this point).

Kanghua Wang February 3, 2022 at 8:41 PM

 I am thinking of removing those yui files from HPCC repo. Any objection?

 I saw that the esp/files/configmgr.html does include some yui files (but not those 4 files). Do you have any objection if I remove those 4 files from HPCC repo? 

Kanghua Wang January 28, 2022 at 9:16 PM

By searching HPCC repo, I did not see a file which includes: selector-debug.js, selector.js, dom-debug.js, and dom.js. We may remove those yui files.

 

Kanghua Wang January 28, 2022 at 8:02 PM

2 types of Inefficient regular expression alerts:

1.  alert: This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of 'a'.

The alert is for: attributes: /^[([a-z]\w*)(=?)?['"]?(

]*?)['"]?]/i,

 (in esp/files/yui/build/selector/selector-debug.js:542 and esp/files/yui/build/selector/selector.js:535).

2. alert: This part of the regular expression may cause exponential backtracking on strings starting with '9' and containing many repetitions of '0'.

The alert is for: re_unit = /^(\d[.\d]*)+(em|ex|px|gd|rem|vw|vh|vm|ch|mm|cm|in|pt|pc|deg|rad|ms|s|hz|khz|%){1}?/i,

(in esp/files/yui/build/dom/dom-debug.js:1650 and esp/files/yui/build/dom/dom.js:1610).
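The second alert's `re_unit` pattern next to a rewrite without the nested quantifier, as an added JavaScript example that is not part of the ticket or of YUI. `RE_UNIT_LINEAR`, the sample strings and the helper names are assumptions introduced here; the rewrite relies on `[.\d]*` already consuming every following digit, so the outer `+` only adds ways to backtrack.

```javascript
// Pattern quoted in the alert above (YUI dom.js / dom-debug.js).
const RE_UNIT = /^(\d[.\d]*)+(em|ex|px|gd|rem|vw|vh|vm|ch|mm|cm|in|pt|pc|deg|rad|ms|s|hz|khz|%){1}?/i;

// Added rewrite (assumption, not from the ticket): the outer "+" is dropped
// and "{1}?" removed, since a lazy "exactly once" is the same as once.
const RE_UNIT_LINEAR = /^(\d[.\d]*)(em|ex|px|gd|rem|vw|vh|vm|ch|mm|cm|in|pt|pc|deg|rad|ms|s|hz|khz|%)/i;

// Constructed sample values: valid lengths plus strings with no valid unit.
const SAMPLES = ['12px', '1.5em', '100%', '3.2.1REM', '250ms', '10s', '5khz',
                 '90deg', '12', '9000x', '.5em', 'px', '1.', '7 px', ''];

// Normalise exec() output to a plain array of captures (or null).
function captures(re, s) {
  const m = re.exec(s);
  return m ? Array.from(m) : null;
}

// True when both patterns return identical captures for every sample.
function sameResults(samples) {
  return samples.every((s) =>
    JSON.stringify(captures(RE_UNIT, s)) === JSON.stringify(captures(RE_UNIT_LINEAR, s)));
}

// Wall-clock milliseconds for one failed match on '9' + n zeros + '!',
// the input shape named in the alert followed by a non-unit character.
function failTimeMs(re, n) {
  const input = '9' + '0'.repeat(n) + '!';
  const start = performance.now();
  const matched = re.test(input);
  const ms = performance.now() - start;
  if (matched) throw new Error('input unexpectedly matched');
  return ms;
}

// Compare both patterns; n is kept small because the original's cost
// roughly doubles with every extra digit.
function report() {
  const lines = ['same captures on samples: ' + sameResults(SAMPLES)];
  for (const n of [14, 16, 18, 20]) {
    lines.push(`n=${n} original=${failTimeMs(RE_UNIT, n).toFixed(2)}ms ` +
               `rewrite=${failTimeMs(RE_UNIT_LINEAR, n).toFixed(2)}ms`);
  }
  return lines;
}

console.log(report().join('\n'));
```
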

Fixed

Created January 14, 2022 at 4:21 PM
Updated February 14, 2022 at 11:31 AM
Resolved February 14, 2022 at 11:31 AM