npm - mastercontroller - Versions diffs - 1.3.20 → 1.3.22 - Mend

mastercontroller 1.3.20 → 1.3.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/error/MasterBackendErrorHandler.js +2 -0
package/error/MasterErrorHandler.js +3 -0
package/package.json +1 -1

package/error/MasterBackendErrorHandler.js CHANGED Viewed

@@ -650,6 +650,8 @@ function handleRoutingError(requestPath, routes = [], errorContext = null) {
  */
 function findSimilarRoutes(requestPath, routes) {
   if (!routes || routes.length === 0) return [];
+  // Skip similarity search for long/malicious paths — they won't match any route
+  if (!requestPath || requestPath.length > 200) return [];
   const { levenshteinDistance } = require('./MasterErrorHandler');

package/error/MasterErrorHandler.js CHANGED Viewed

@@ -75,6 +75,9 @@ const ERROR_CODES = {
  * Levenshtein distance for "Did you mean?" suggestions
  */
 function levenshteinDistance(str1, str2) {
+  // Guard against non-strings (objects, regex, undefined) and extremely long paths
+  if (typeof str1 !== 'string' || typeof str2 !== 'string') return Infinity;
+  if (str1.length > 200 || str2.length > 200) return Infinity;
   const len1 = str1.length;
   const len2 = str2.length;
   const matrix = Array(len1 + 1).fill(null).map(() => Array(len2 + 1).fill(0));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mastercontroller",
-  "version": "1.3.20",
+  "version": "1.3.22",
   "description": "Fortune 500 ready Node.js MVC framework with enterprise security, monitoring, and horizontal scaling",
   "main": "MasterControl.js",
   "license": "MIT",