From 2f8da7a7f0c2583d2ee36794886fd116a1773594 Mon Sep 17 00:00:00 2001 From: Brian Mann Date: Sat, 17 Feb 2018 00:26:38 -0500 Subject: [PATCH] server: fix runaway regexp fails parsing a massive JS file (#1331) * server: fix runaway regexp fails parsing a massive JS file * server: fix linting errors, better debug logs * server: lint fix again --- .gitignore | 1 + packages/server/lib/controllers/proxy.coffee | 6 ++- packages/server/lib/util/security.coffee | 17 +++---- packages/server/package.json | 1 + .../integration/http_requests_spec.coffee | 45 +++++++++++++++++++ 5 files changed, 61 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index fc6664654b..dd3b3cbd84 100644 --- a/.gitignore +++ b/.gitignore @@ -32,6 +32,7 @@ packages/example/cypress/fixtures/users.json packages/server/.cy packages/server/.projects packages/server/support +packages/server/test/support/fixtures/server/huge_app.js # CLI tool cli/build diff --git a/packages/server/lib/controllers/proxy.coffee b/packages/server/lib/controllers/proxy.coffee index 77e270007a..091ac3ab20 100644 --- a/packages/server/lib/controllers/proxy.coffee +++ b/packages/server/lib/controllers/proxy.coffee @@ -143,7 +143,11 @@ module.exports = { ## turn off __cypress.initial by setting false here setCookies(false, wantsInjection) - debug("received request response for #{remoteUrl} %o", { headers }) + debug("received response for %o", { + url: remoteUrl + headers, + statusCode + }) encoding = headers["content-encoding"] diff --git a/packages/server/lib/util/security.coffee b/packages/server/lib/util/security.coffee index 377bed4a24..f277939c65 100644 --- a/packages/server/lib/util/security.coffee +++ b/packages/server/lib/util/security.coffee 
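Review bot: The expanded `debug("received response for %o", …)` call in proxy.coffee still writes the full upstream `headers` object to the debug log, which will include any `set-cookie` values the remote server sent. DEBUG output is often pasted into bug reports, so session cookies for the site under test can end up shared. Consider logging a copy of the headers with `set-cookie` replaced by a marker such as `"[redacted]"`, with a short comment saying why. The surrounding handler starts and ends outside this hunk, so whether `headers` is already filtered upstream cannot be confirmed from here.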
@@ -1,22 +1,23 @@ stream = require("stream") +pumpify = require("pumpify") replacestream = require("replacestream") -topOrParentRe = /.*(top|parent).*/g -topOrParentEqualityBeforeRe = /((?:window|self).*[!=][=]\s*(?:(?:window|self)(?:\.|\[['"]))?)(top|parent)/g +topOrParentEqualityBeforeRe = /((?:window|self)(?:\.|\[['"](?:top|self)['"]\])?\s*[!=][=]\s*(?:(?:window|self)(?:\.|\[['"]))?)(top|parent)/g topOrParentEqualityAfterRe = /(top|parent)((?:["']\])?\s*[!=][=].*(?:window|self))/g topOrParentLocationOrFramesRe = /([^\da-zA-Z])(top|parent)([.])(location|frames)/g -replacer = (match, p1, offset, string) -> - match +strip = (html) -> + html .replace(topOrParentEqualityBeforeRe, "$1self") .replace(topOrParentEqualityAfterRe, "self$2") .replace(topOrParentLocationOrFramesRe, "$1self$3$4") -strip = (html) -> - html.replace(topOrParentRe, replacer) - stripStream = -> - replacestream(topOrParentRe, replacer) + pumpify( + replacestream(topOrParentEqualityBeforeRe, "$1self") + replacestream(topOrParentEqualityAfterRe, "self$2") + replacestream(topOrParentLocationOrFramesRe, "$1self$3$4") + ) module.exports = { strip diff --git a/packages/server/package.json b/packages/server/package.json index 24b96f897a..f2128cc67e 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -135,6 +135,7 @@ "pluralize": "^3.0.0", "pretty-error": "^2.1.0", "progress": "^1.1.8", + "pumpify": "^1.4.0", "ramda": "^0.24.0", "randomstring": "^1.1.5", "replacestream": "^4.0.3", diff --git a/packages/server/test/integration/http_requests_spec.coffee b/packages/server/test/integration/http_requests_spec.coffee index 400da826f4..1d8384b26b 100644 --- a/packages/server/test/integration/http_requests_spec.coffee +++ b/packages/server/test/integration/http_requests_spec.coffee 
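Review bot: `topOrParentEqualityAfterRe` still has an unbounded `.*` between the comparison operator and `window|self`, the same construct this commit removes from `topOrParentEqualityBeforeRe`. On a minified body that is one long line, every `top ==` or `parent !=` makes the engine scan to the end of the line and backtrack, and an unrelated `window` far to the right can turn a comparison like `top === foo` into `self === foo`. Bounding it like the Before pattern would address both: `topOrParentEqualityAfterRe = /(top|parent)((?:["']\])?\s*[!=][=]\s*(?:window|self))/g`. It also matters for `stripStream`, because replacestream only matches across chunk boundaries within its `maxMatchLen` window, so a long `.*` match may be rewritten by `strip` but missed by the stream path. A test feeding the same input to both would confirm whether they agree.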
@@ -2377,6 +2377,51 @@ describe "Routes", -> "if (self !== self) { }" ) + it "does not die rewriting a huge JS file", -> + pathToHugeAppJs = Fixtures.path("server/huge_app.js") + + getHugeFileGist = -> + rp("https://s3.amazonaws.com/assets.cypress.io/huge_app.js") + .then (resp) -> + fs + .writeFileAsync(pathToHugeAppJs, resp) + .return(resp) + fs + .readFileAsync(pathToHugeAppJs, "utf8") + .catch(getHugeFileGist) + .then (hugeJsFile) => + + nock(@server._remoteOrigin) + .get("/app.js") + .reply 200, hugeJsFile, { + "Content-Type": "application/javascript" + } + + reqTime = new Date() + + @rp("http://www.google.com/app.js") + .then (res) -> + expect(res.statusCode).to.eq(200) + + reqTime = new Date() - reqTime + + ## shouldn't be more than 500ms + expect(reqTime).to.be.lt(500) + + # b = res.body + # + # console.time("1") + # b.replace(topOrParentEqualityBeforeRe, "$self") + # console.timeEnd("1") + # + # console.time("2") + # b.replace(topOrParentEqualityAfterRe, "self$2") + # console.timeEnd("2") + # + # console.time("3") + # b.replace(topOrParentLocationOrFramesRe, "$1self$3$4") + # console.timeEnd("3") + describe "off with config", -> beforeEach -> @setup("http://www.google.com", {
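Review bot: The new test downloads `huge_app.js` from S3 on first run and caches it under fixtures with no integrity check, so the regression input is unpinned and the test needs network access. Comparing a SHA-256 of the downloaded body against a digest committed next to the test (placeholder: `<PINNED_SHA256>`) before `writeFileAsync` would keep the fixture reproducible and stop a changed or truncated object from silently weakening the test. `.catch(getHugeFileGist)` also re-downloads on any read error, not only a missing file. The `expect(reqTime).to.be.lt(500)` wall-clock bound is likely to flake on loaded CI hosts, and `reqTime` is reused for both the start `Date` and the elapsed number; a separate `elapsedMs` with a more generous bound (or a mocha `@timeout`) would read more clearly. The commented-out `console.time` block at the end of the test should be dropped before merge.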