unleash.unleash/src/lib/util/is-email.ts

// Email address matcher.
// eslint-disable-next-line no-useless-escape
const matcher =
    /[A-Z0-9.!#$%&'*+-/=?^_{|}~]+@[A-Z0-9][A-Z0-9.!#$%&'*+-/=?^_{|}~]*\.[A-Z]{2,}$/i;

/**
 * Loosely validate an email address.
 * Max length of an email address is 320 characters: 64 for the local part + 1 for the @ +
 * 255 for the domain part.
 * See https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.3.1.1
 *
 * Being a bit extra cautious here and limiting the max length to 500 characters, which prevents
 * [Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) attacks
 * due to polynomial regular expression used on uncontrolled data.
 *
 * @param {string} string
 * @return {boolean}
 */
function isEmail(value: string): boolean {
    if (value.length > 500) return false;
    return matcher.test(value);
}

/*
 * Exports.
 */

export default isEmail;
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`// Email address matcher.`
			`// eslint-disable-next-line no-useless-escape`
chore: add linter rules for regexp (#3500) ## About the changes Add linter rules for regexp security vulnerabilities Commit 1c5d54c76e1159bf2f90d46fc7cd5c9f50666e51 [fails due to regexp/no-super-linear-backtracking](https://github.com/Unleash/unleash/actions/runs/4668430535/jobs/8265506170#step:5:37) as reported here: https://github.com/Unleash/unleash/security/code-scanning/1 [0127d1a](https://github.com/Unleash/unleash/pull/3500/commits/0127d1a7464a3c08d925222f366c60ba45c504c8) fixes the issues and warnings by running `yarn lint --fix` 2023-04-17 09:11:22 +02:00			`const matcher =`
			`/[A-Z0-9.!#$%&'+-/=?^_{\|}~]+@[A-Z0-9][A-Z0-9.!#$%&'+-/=?^_{\|}~]*\.[A-Z]{2,}$/i;`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00
			`/**`
			`* Loosely validate an email address.`
fix: some security vulnerabilities (#4143) ## About the changes This should address: https://github.com/Unleash/unleash/security/code-scanning/1, https://github.com/Unleash/unleash/security/code-scanning/49 and https://github.com/Unleash/unleash/security/code-scanning/52 Refs: - https://securitylab.github.com/research/github-actions-untrusted-input/ - https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS - https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.3.1.1 --------- Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2023-07-05 11:51:27 +02:00			`* Max length of an email address is 320 characters: 64 for the local part + 1 for the @ +`
			`* 255 for the domain part.`
			`* See https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.3.1.1`
			`*`
			`* Being a bit extra cautious here and limiting the max length to 500 characters, which prevents`
			`* [Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) attacks`
			`* due to polynomial regular expression used on uncontrolled data.`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`*`
			`* @param {string} string`
			`* @return {boolean}`
			`*/`
			`function isEmail(value: string): boolean {`
fix: some security vulnerabilities (#4143) ## About the changes This should address: https://github.com/Unleash/unleash/security/code-scanning/1, https://github.com/Unleash/unleash/security/code-scanning/49 and https://github.com/Unleash/unleash/security/code-scanning/52 Refs: - https://securitylab.github.com/research/github-actions-untrusted-input/ - https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS - https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.3.1.1 --------- Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2023-07-05 11:51:27 +02:00			`if (value.length > 500) return false;`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`return matcher.test(value);`
			`}`

			`/*`
			`* Exports.`
			`*/`

			`export default isEmail;`