From 12a14f03dbfbbdc759c1c20a631b277892da09de Mon Sep 17 00:00:00 2001 From: wolfy1339 Date: Fri, 14 Feb 2025 17:26:10 -0500 Subject: [PATCH 1/2] fix: ReDos regex vulnerability, reported by @dayshift --- src/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/index.ts b/src/index.ts index 2626118..d4f4f65 100644 --- a/src/index.ts +++ b/src/index.ts @@ -76,7 +76,7 @@ export class RequestError extends Error { if (options.request.headers.authorization) { requestCopy.headers = Object.assign({}, options.request.headers, { authorization: options.request.headers.authorization.replace( - / .*$/, + /(? Date: Fri, 14 Feb 2025 17:26:20 -0500 Subject: [PATCH 2/2] test: ReDos regex vulnerability, reported by @dayshift --- test/request-error.test.ts | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/test/request-error.test.ts b/test/request-error.test.ts index a14be91..f74d443 100644 --- a/test/request-error.test.ts +++ b/test/request-error.test.ts 
@@ -10,6 +10,42 @@ const mockOptions: RequestErrorOptions = {
 };
 describe("RequestError", () => {
+ test("Test ReDoS - attack string", () => {
+ const startTime = performance.now();
+ const error = new RequestError("Oops", 500, {
+ request: {
+ method: "POST",
+ url: "https://api.github.com/foo",
+ body: {
+ bar: "baz",
+ },
+ headers: {
+ authorization: "" + " ".repeat(100000) + "\n@",
+ },
+ },
+ response: {
+ status: 500,
+ url: "https://api.github.com/foo",
+ headers: {
+ "x-github-request-id": "1:2:3:4",
+ },
+ data: {
+ foo: "bar",
+ },
+ },
+ });
+ const endTime = performance.now();
+ const elapsedTime = endTime - startTime;
+ const reDosThreshold = 2000;
+ expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold);
+ if (elapsedTime > reDosThreshold) {
+ console.warn(
+ `🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(
+ 2,
+ )} ms, exceeding threshold of ${reDosThreshold} ms.`,
+ );
+ }
+ });
 test("inherits from Error", () => {
 const error = new RequestError("test", 123, mockOptions);
 expect(error).toBeInstanceOf(Error);
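Review bot: The `if (elapsedTime > reDosThreshold)` block placed after `expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold)` is unreachable, because a failing expectation throws before it, so the `console.warn` never fires, and its message names a `getDuration` method that this test does not exercise. Either drop the block or move it ahead of the expectation and reword it to name what is being timed, e.g. `` `RequestError constructor took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.` ``. A 2000 ms wall-clock bound is also a weak regression guard on its own: a quadratic regex over the 100000-character input may still finish inside it on a fast machine, while a loaded CI runner can exceed it for unrelated reasons, so consider pairing it with an assertion on the `authorization` value stored on `error.request.headers`, which catches a wrong replacement independently of timing. The enclosing `describe` callback continues past the end of the hunk.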