From b3d6d45122f546409fd962beb85ebd28f8d8919d Mon Sep 17 00:00:00 2001
From: SuperMaxine <2586540653@qq.com>
Date: Sun, 19 Jan 2025 22:20:07 +0800
Subject: [PATCH] Fix the regular expression in the getDuration method to
 prevent ReDoS attacks and update error messages in test cases.

---
 server/modules/apicache/apicache.js      | 2 +-
 test/backend-test/test-apicache-ReDos.js | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/server/modules/apicache/apicache.js b/server/modules/apicache/apicache.js
index 41930b24d..2ca75ca4e 100644
--- a/server/modules/apicache/apicache.js
+++ b/server/modules/apicache/apicache.js
@@ -485,7 +485,7 @@ function ApiCache() {
         }
 
         if (typeof duration === "string") {
-            let split = duration.match(/^([\d\.,]+)\s?(\w+)$/);
+            let split = duration.match(/^([\d\.,]+)(?!\1)\s?((?:(?!\d)\w)+)$/);
 
             if (split.length === 3) {
                 let len = parseFloat(split[1]);
diff --git a/test/backend-test/test-apicache-ReDos.js b/test/backend-test/test-apicache-ReDos.js
index b0399efab..1a25bcea5 100644
--- a/test/backend-test/test-apicache-ReDos.js
+++ b/test/backend-test/test-apicache-ReDos.js
@@ -14,9 +14,13 @@ test("Test ReDos - attack string", async (t) => {
   const getDuration = apicacheModule.getDuration;
   const str = "" + "00".repeat(100000) + "\u0000";
   const startTime = performance.now();
-  getDuration(str);
+  try {
+    getDuration(str);
+  } catch (error) {
+    // pass
+  }
   const endTime = performance.now();
   const elapsedTime = endTime - startTime;
   const reDosThreshold = 9000;
-  assert(elapsedTime <= reDosThreshold, `🚨 可能存在 ReDoS 攻击！getDuration 方法耗时 ${elapsedTime.toFixed(2)} 毫秒，超过阈值 ${reDosThreshold} 毫秒。`);
+  assert(elapsedTime <= reDosThreshold, `🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.`);
 });