switch from vulnerable VALID_DOMAIN regex to is-valid-domain lib (#79)

James Zetlen · web-flow · commit b0763215f668 · 2022-05-03T12:25:00.000-05:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -45,13 +45,13 @@
     "eol": "^0.9.1",
     "get-port": "^3.2.0",
     "glob": "^7.1.2",
+    "is-valid-domain": "^0.1.6",
     "lodash": "^4.17.4",
     "mkdirp": "^0.5.1",
     "password-prompt": "^1.0.4",
     "rimraf": "^2.6.2",
     "sudo-prompt": "^8.2.0",
     "tmp": "^0.0.33",
     "tslib": "^1.10.0"
-  },
-  "optionalDependencies": {}
+  }
 }
diff --git a/src/constants.ts b/src/constants.ts
@@ -6,9 +6,6 @@ import applicationConfigPath = require('application-config-path');
 import eol from 'eol';
 import {mktmp, numericHash} from './utils';
 
-export const VALID_IP = /(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}/;
-export const VALID_DOMAIN = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.?)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$/i;
-
 // Platform shortcuts
 export const isMac = process.platform === 'darwin';
 export const isLinux = process.platform === 'linux';
diff --git a/src/index.ts b/src/index.ts
@@ -11,13 +11,12 @@ import {
   domainsDir,
   rootCAKeyPath,
   rootCACertPath,
-  VALID_DOMAIN,
-  VALID_IP
 } from './constants';
 import currentPlatform from './platforms';
 import installCertificateAuthority, { ensureCACertReadable, uninstall } from './certificate-authority';
 import generateDomainCertificate from './certificates';
 import UI, { UserInterface } from './user-interface';
+import isValidDomain from 'is-valid-domain';
 export { uninstall };
 
 const debug = createDebug('devcert');
@@ -69,11 +68,8 @@ type IReturnData<O extends Options = {}> = (IDomainData) & (IReturnCa<O>) & (IRe
  */
 export async function certificateFor<O extends Options>(requestedDomains: string | string[], options: O = {} as O): Promise<IReturnData<O>> {
   const domains = Array.isArray(requestedDomains) ? requestedDomains : [requestedDomains];
-  if (domains.some((d) => VALID_IP.test(d))) {
-    throw new Error('IP addresses are not supported currently');
-  }
   domains.forEach((domain) => {
-    if (!VALID_DOMAIN.test(domain)) {
+    if (!isValidDomain(domain, { subdomain: false, wildcard: false, allowUnicode: true, topLevel: false })) {
       throw new Error(`"${domain}" is not a valid domain name.`);
     }
   });
