From 9fa822a961d15972215a3991b10f812731d42f0e Mon Sep 17 00:00:00 2001
From: ready-research <72916209+ready-research@users.noreply.github.com>
Date: Fri, 3 Sep 2021 23:02:03 +0530
Subject: [PATCH 1/3] Security fix for ReDoS (#1)

---
 lib/parsers/api.js                | 4 +---
 lib/parsers/api_define.js         | 3 +--
 lib/parsers/api_deprecated.js     | 3 +--
 lib/parsers/api_description.js    | 3 +--
 lib/parsers/api_example.js        | 3 +--
 lib/parsers/api_group.js          | 4 +---
 lib/parsers/api_name.js           | 4 +---
 lib/parsers/api_param.js          | 3 +--
 lib/parsers/api_sample_request.js | 4 +---
 lib/parsers/api_use.js            | 4 +---
 lib/parsers/api_version.js        | 4 +---
 lib/utils/trim.js                 | 9 ---------
 12 files changed, 11 insertions(+), 37 deletions(-)
 delete mode 100644 lib/utils/trim.js

diff --git a/lib/parsers/api.js b/lib/parsers/api.js
index 82bc871..5efa363 100644
--- a/lib/parsers/api.js
+++ b/lib/parsers/api.js
@@ -1,7 +1,5 @@
-var trim = require('../utils/trim');
-
 function parse(content) {
-    content = trim(content);
+    content = content.trim();
 
     // Search: type, url and title
     // Example: {get} /user/:id Get User by ID.
diff --git a/lib/parsers/api_define.js b/lib/parsers/api_define.js
index ccb5b39..76f866b 100644
--- a/lib/parsers/api_define.js
+++ b/lib/parsers/api_define.js
@@ -1,4 +1,3 @@
-var trim     = require('../utils/trim');
 var unindent = require('../utils/unindent');
 
 var ParameterError = require('../errors/parameter_error');
@@ -15,7 +14,7 @@ var _messages = {
 function parse(content, source, messages) {
     messages = messages || _messages;
 
-    content = trim(content);
+    content = content.trim();
 
     var parseRegExp = /^(\w*)(.*?)(?:\s+|$)(.*)$/gm;
     var matches = parseRegExp.exec(content);
diff --git a/lib/parsers/api_deprecated.js b/lib/parsers/api_deprecated.js
index 6e958a8..b5a43c4 100644
--- a/lib/parsers/api_deprecated.js
+++ b/lib/parsers/api_deprecated.js
@@ -1,8 +1,7 @@
-var trim     = require('../utils/trim');
 var unindent = require('../utils/unindent');
 
 function parse(content) {
-  var deprecated = trim(content);
+  var deprecated = content.trim();
 
   if (deprecated.length > 0) {
     return {
diff --git a/lib/parsers/api_description.js b/lib/parsers/api_description.js
index 8a06537..c64e47f 100644
--- a/lib/parsers/api_description.js
+++ b/lib/parsers/api_description.js
@@ -1,8 +1,7 @@
-var trim     = require('../utils/trim');
 var unindent = require('../utils/unindent');
 
 function parse(content) {
-    var description = trim(content);
+    var description = content.trim();
 
     if (description.length === 0)
         return null;
diff --git a/lib/parsers/api_example.js b/lib/parsers/api_example.js
index 1da3fa1..622845c 100644
--- a/lib/parsers/api_example.js
+++ b/lib/parsers/api_example.js
@@ -1,8 +1,7 @@
-var trim     = require('../utils/trim');
 var unindent = require('../utils/unindent');
 
 function parse(content, source) {
-    source = trim(source);
+    source = source.trim();
 
     var title = '';
     var text = '';
diff --git a/lib/parsers/api_group.js b/lib/parsers/api_group.js
index a53661f..6a04ec4 100644
--- a/lib/parsers/api_group.js
+++ b/lib/parsers/api_group.js
@@ -1,7 +1,5 @@
-var trim = require('../utils/trim');
-
 function parse(content) {
-	var group = trim(content);
+	var group = content.trim();
 
 	if (group.length === 0)
         return null;
diff --git a/lib/parsers/api_name.js b/lib/parsers/api_name.js
index f0f9085..1fc8292 100644
--- a/lib/parsers/api_name.js
+++ b/lib/parsers/api_name.js
@@ -1,7 +1,5 @@
-var trim = require('../utils/trim');
-
 function parse(content) {
-    var name = trim(content);
+    var name = content.trim();
 
     if(name.length === 0)
         return null;
diff --git a/lib/parsers/api_param.js b/lib/parsers/api_param.js
index aa2140b..032cf67 100644
--- a/lib/parsers/api_param.js
+++ b/lib/parsers/api_param.js
@@ -1,4 +1,3 @@
-var trim     = require('../utils/trim');
 var unindent = require('../utils/unindent');
 
 var group = '';
@@ -69,7 +68,7 @@ var allowedValuesWithQuoteRegExp = new RegExp(/\'[^\']*[^\']\'/g);
 var allowedValuesRegExp = new RegExp(/[^,\s]+/g);
 
 function parse(content, source, defaultGroup) {
-    content = trim(content);
+    content = content.trim();
 
     // replace Linebreak with Unicode
     content = content.replace(/\n/g, '\uffff');
diff --git a/lib/parsers/api_sample_request.js b/lib/parsers/api_sample_request.js
index 79c99e6..e75f50d 100644
--- a/lib/parsers/api_sample_request.js
+++ b/lib/parsers/api_sample_request.js
@@ -1,7 +1,5 @@
-var trim = require('../utils/trim');
-
 function parse(content) {
-    var url = trim(content);
+    var url = content.trim();
 
     if(url.length === 0)
         return null;
diff --git a/lib/parsers/api_use.js b/lib/parsers/api_use.js
index b430dd4..9a63415 100644
--- a/lib/parsers/api_use.js
+++ b/lib/parsers/api_use.js
@@ -1,7 +1,5 @@
-var trim = require('../utils/trim');
-
 function parse(content) {
-    var name = trim(content);
+    var name = content.trim();
 
     if (name.length === 0)
         return null;
diff --git a/lib/parsers/api_version.js b/lib/parsers/api_version.js
index 220bf18..1be0f5b 100644
--- a/lib/parsers/api_version.js
+++ b/lib/parsers/api_version.js
@@ -1,11 +1,9 @@
 var semver = require('semver');
 
-var trim = require('../utils/trim');
-
 var ParameterError = require('../errors/parameter_error');
 
 function parse(content) {
-    content = trim(content);
+    content = content.trim();
 
     if (content.length === 0)
         return null;
diff --git a/lib/utils/trim.js b/lib/utils/trim.js
deleted file mode 100644
index 8b2ca28..0000000
--- a/lib/utils/trim.js
+++ /dev/null
@@ -1,9 +0,0 @@
-/**
- * Strip whitespace from the beginning and end of a string
- *
- * @param str string
- * @returns string
- */
-module.exports = function trim(str) {
-    return str.replace(/^\s*|\s*$/g, '');
-};

From cc2d615acaa72ccff016cb4f5d1db0d23ea6065c Mon Sep 17 00:00:00 2001
From: Nicolas CARPi <nico-git@deltablot.email>
Date: Fri, 3 Sep 2021 21:26:11 +0200
Subject: [PATCH 2/3] bump version to 0.15.1

---
 CHANGELOG.md      | 5 +++++
 package-lock.json | 5 +++--
 package.json      | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6655c55..dac3e0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog for apidoc-core
 
+## 0.15.1
+* Use str.trim() instead of own regex vulnerable to ReDOS.
+Note that this vulnerability is not impacting this project as an attacker would need to control your source code from which you generate the documentation.
+Done in #120 by @ready-research.
+
 ## 0.15.0
 
 ### Fixed
diff --git a/package-lock.json b/package-lock.json
index 40dc6ac..ba1bdfb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,11 +1,12 @@
 {
   "name": "apidoc-core",
-  "version": "0.15.0",
+  "version": "0.15.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
-      "version": "0.15.0",
+      "name": "apidoc-core",
+      "version": "0.15.1",
       "license": "MIT",
       "dependencies": {
         "fs-extra": "^9.0.1",
diff --git a/package.json b/package.json
index 6ed1a24..2276033 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "apidoc-core",
-  "version": "0.15.0",
+  "version": "0.15.1",
   "description": "Core parser library to generate apidoc result following the apidoc-spec",
   "author": "Peter Rottmann <rottmann@inveris.de>",
   "license": "MIT",

From 14a0e950219ac8a77faa809677c5115e14384cc2 Mon Sep 17 00:00:00 2001
From: Nicolas CARPi <nico-git@deltablot.email>
Date: Sun, 5 Sep 2021 01:34:19 +0200
Subject: [PATCH 3/3] add archive reason in readme

---
 README.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 4107038..129537c 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,7 @@
 # apidoc-core
 
-Core parser library to generate apidoc result following the [apidoc-spec](https://github.com/apidoc/apidoc-spec).
+## ARCHIVED: this repository has been archived because it is now part of the apidoc main repository
 
-![Build Status](https://github.com/apidoc/apidoc-core/workflows/validate/badge.svg)
-[![Dependency Status](https://david-dm.org/apidoc/apidoc-core.svg)](https://david-dm.org/apidoc/apidoc-core)
-[![NPM version](https://badge.fury.io/js/apidoc-core.svg)](http://badge.fury.io/js/apidoc-core)
+Core parser library to generate apidoc result following the [apidoc-spec](https://github.com/apidoc/apidoc-spec).
 
-If you are an end user, please proceed to [apidoc](https://github.com/apidoc/apidoc) or [apidoc-documentation](http://apidocjs.com).
+If you are an end user, please proceed to [apidoc](https://github.com/apidoc/apidoc) or [apidoc-documentation](https://apidocjs.com).