|
221 | 221 | 'input' => static fn($n) => \str_repeat(">", $n) . \str_repeat(".", $n) . "\n", |
222 | 222 | 'expected' => static fn($n) => \str_repeat("<blockquote>\n", $n) . '<p>' . \str_repeat('.', $n) . "</p>\n" . \str_repeat("</blockquote>\n", $n), |
223 | 223 | ], |
| 224 | + 'CVE-2023-24824 test 1' => [ |
| 225 | + 'ref' => 'https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh', |
| 226 | + 'sizes' => [1_000, 10_000, 100_000], |
| 227 | + 'input' => static fn($n) => \str_repeat(">", $n) . \str_repeat("a*", $n) . "\n", |
| 228 | + 'configuration' => [ |
| 229 | + 'max_nesting_level' => 1_000, |
| 230 | + ], |
| 231 | + ], |
| 232 | + 'CVE-2023-24824 test 2' => [ |
| 233 | + 'ref' => 'https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh', |
| 234 | + 'sizes' => [500, 5_000, 50_000], |
| 235 | + 'input' => static fn($n) => \str_repeat(" -", $n) . 'x' . \str_repeat("\n", $n), |
| 236 | + 'configuration' => [ |
| 237 | + 'max_nesting_level' => 500, |
| 238 | + ], |
| 239 | + ], |
224 | 240 | 'CVE-2023-26485 test 1' => [ |
225 | 241 | 'ref' => 'https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5', |
226 | 242 | 'sizes' => [50, 500, 5_000], // ideally should be 1000, 10_000, 100_000 but recursive rendering makes large sizes fail |
|
294 | 310 | if (isset($_ENV['CI']) || isset($_SERVER['CI'])) { |
295 | 311 | $command = ['php', 'convert.php']; |
296 | 312 | } else { |
297 | | - $command = ['php', '-n', 'convert.php']; |
| 313 | + $command = ['php', '-n', 'convert.php', \json_encode($case['configuration'] ?? [])]; |
298 | 314 | } |
299 | 315 |
|
300 | 316 | if (isset($case['extension'])) { |
|
0 commit comments