fix: handle data URLs gracefully

patrickhulce · patrickhulce · commit 4171f499f4ac · 2019-10-16T07:51:56.000-05:00
diff --git a/lib/create-entity-finder-api.js b/lib/create-entity-finder-api.js
@@ -4,13 +4,16 @@ const IP_REGEX = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
 const ROOT_DOMAIN_REGEX = /[^.]+\.([^.]+|(gov|com|co|ne)\.\w{2})$/i
 
 function getDomainFromOriginOrURL(originOrURL) {
+  if (typeof originOrURL !== 'string') return null
+  if (originOrURL.length > 10000 || originOrURL.startsWith('data:')) return null
   if (DOMAIN_IN_URL_REGEX.test(originOrURL)) return originOrURL.match(DOMAIN_IN_URL_REGEX)[1]
   if (DOMAIN_CHARACTERS.test(originOrURL)) return originOrURL.match(DOMAIN_CHARACTERS)[0]
   throw new Error(`Unable to find domain in "${originOrURL}"`)
 }
 
 function getRootDomain(originOrURL) {
   const domain = getDomainFromOriginOrURL(originOrURL)
+  if (!domain) return null
   if (IP_REGEX.test(domain)) return domain
   const match = domain.match(ROOT_DOMAIN_REGEX)
   return (match && match[0]) || domain
@@ -19,6 +22,7 @@ function getRootDomain(originOrURL) {
 function getEntityInDataset(entityByDomain, entityByRootDomain, originOrURL) {
   const domain = getDomainFromOriginOrURL(originOrURL)
   const rootDomain = getRootDomain(domain)
+  if (!domain || !rootDomain) return undefined
   if (entityByDomain.has(domain)) return entityByDomain.get(domain)
   if (entityByRootDomain.has(rootDomain)) return entityByRootDomain.get(rootDomain)
   return undefined
diff --git a/lib/index.test.js b/lib/index.test.js
@@ -39,6 +39,11 @@ describe('getRootDomain', () => {
     expect(getRootDomain('*.hulce.photography')).toEqual('hulce.photography')
   })
 
+  it('runs on *massive* inputs', () => {
+    const massiveInput = '123456789'.repeat(100e3)
+    expect(getRootDomain(massiveInput)).toEqual(null)
+  })
+
   it('throws on invalid inputs', () => {
     expect(() => getRootDomain('this is not a domain')).toThrow()
     expect(() => getRootDomain('neither-is-this')).toThrow()
@@ -112,6 +117,11 @@ Object {
     expect(getEntity('http://fbcdn-photos-e-a.akamaihd.net/1234.jpg').name).toEqual('Facebook')
     expect(getEntity('http://unknown.akamaihd.net/1234.jpg').name).toEqual('Akamai')
   })
+
+  it('runs on *massive* inputs', () => {
+    const massiveInput = '123456789'.repeat(100e3)
+    expect(getEntity(massiveInput)).toEqual(undefined)
+  })
 })
 
 describe('build state', () => {
