From b4b17143948c6955962d65cd15062e2b8efb36a0 Mon Sep 17 00:00:00 2001 From: Yadhav Jayaraman <57544838+decyjphr@users.noreply.github.com> Date: Fri, 30 Aug 2024 17:26:34 -0400 Subject: [PATCH] add tests and simplify Glob --- lib/glob.js | 27 ++++++++----- test/unit/lib/glob.test.ts | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 9 deletions(-) create mode 100644 test/unit/lib/glob.test.ts diff --git a/lib/glob.js b/lib/glob.js index d37f18ea..ea8efcef 100644 --- a/lib/glob.js +++ b/lib/glob.js @@ -1,24 +1,32 @@ +const _ = require('lodash') class Glob { constructor (glob) { - this.glob = this.sanitize(glob) + this.glob = glob + this.lodashText = _.escapeRegExp(glob) // If not a glob pattern then just match the string. if (!this.glob.includes('*')) { this.regexp = new RegExp(`.*${this.glob}.*`, 'u') return } - - this.regexp = new RegExp(`^${this.glob}$`, 'u') + this.regexptText = this.globize(this.glob) + this.regexp = new RegExp(`^${this.regexptText}$`, 'u') } - sanitize (glob) { + globize (glob) { return glob - .replace(/\\/g, '\\\\') - .replace(/\//g, '\\/') - .replace(/\?/g, '([^\\/])') - .replace(/\./g, '\\.') + .replace(/\\/g, '\\\\') // escape backslashes + .replace(/\//g, '\\/') // escape forward slashes + .replace(/\./g, '\\.') // escape periods + .replace(/\?/g, '([^\\/])') // match any single character except / + .replace(/\*\*/g, '.+') // match any character except /, including / + .replace(/\*/g, '([^\\/]*)') // match any character except / + } + + sanitize2 (glob) { + return _.escapeRegExp(glob .replace(/\*\*/g, '.+') - .replace(/\*/g, '([^\\/]*)') + .replace(/\*/g, '([^\\/]*)')) } toString () { @@ -26,6 +34,7 @@ class Glob { } [Symbol.search] (s) { + console.log(`blob: ${this.glob} lodashText: ${this.lodashText} regexpText: ${this.regexptText} regexp: ${this.regexp} s: ${s}`) return s.search(this.regexp) } diff --git a/test/unit/lib/glob.test.ts b/test/unit/lib/glob.test.ts new file mode 100644 index 00000000..9ab09ef5 
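Review bot: The non-glob branch of the constructor now interpolates the raw pattern into `.*${this.glob}.*`, because `this.glob` is no longer passed through the escaping step, so `.`, `?`, `\` and every other metacharacter in a pattern without `*` is read as regex syntax. A literal such as `a.b` then also matches `axb`, and a malformed or heavily quantified pattern can throw from `new RegExp` or backtrack badly if patterns come from configuration the process does not control. `this.lodashText` is already computed and otherwise unused; interpolating it in place of `this.glob` in that branch gives the literal match the comment describes (or call `this.globize(this.glob)` there if `?` must stay a wildcard as before). `sanitize2` has no caller in this hunk and escapes the `.+` and `([^\\/]*)` it has just inserted, so it should be dropped, and the `**` comment in `globize` ("except /, including /") contradicts itself.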
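Review bot: The `console.log` added to `[Symbol.search]` looks like leftover debugging and runs on every `search` call made with a Glob, writing the pattern, both intermediate regex texts and the searched string to stdout. Besides the noise, it puts every candidate string into the process output outside whatever logger and log-level control the application uses. Remove the line, or route it through the project's debug-level logger if the trace is still wanted; the label `blob:` and the property name `regexptText` are also misspelled.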
--- /dev/null
+++ b/test/unit/lib/glob.test.ts
@@ -0,0 +1,78 @@
+const Glob = require('../../../lib/Glob')
+
+describe('glob test', function () {
+
+ test('Test Glob **', () => {
+ let pattern = new Glob('**/xss')
+ let str = 'test/web/xss'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = 'test/web/xsssss'
+ expect(str.search(pattern)>=0).toBeFalsy()
+
+ pattern = new Glob('**/*.txt')
+ str = 'sub/3.txt'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = '/sub1/sub2/sub3/3.txt'
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ pattern = new Glob('**/csrf-protection-disabled')
+ str = 'java/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = '/java/test/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ })
+
+ test('Test Glob *', () => {
+ let str = 'web/xss'
+ let pattern = new Glob('*/xss')
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ pattern = new Glob('./[0-9].*')
+ str = './1.gif'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = './2.gif'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = './2.'
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ pattern = new Glob('*/csrf-protection-disabled')
+ str = 'java/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = 'rb/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ pattern = new Glob('*/hardcoded-credential*')
+ str = 'java/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'rb/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'cs/hardcoded-credentials'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = 'java/hardcoded-credential-api-call'
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ })
+
+ test('Test Glob no *', () => {
+ let pattern = new Glob('csrf-protection-disabled')
+ let str = 'java/hardcoded-credential-api-call'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'cs/test/hardcoded-credentials'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'rb/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = 'java/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+
+ pattern = new Glob('csrf')
+ str = 'java/hardcoded-credential-api-call'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'cs/test/hardcoded-credentials'
+ expect(str.search(pattern)>=0).toBeFalsy()
+ str = 'rb/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ str = 'java/csrf-protection-disabled'
+ expect(str.search(pattern)>=0).toBeTruthy()
+ })
+
+})
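Review bot: `require('../../../lib/Glob')` on the first line does not match the file this commit patches, `lib/glob.js`, so unless a separate `lib/Glob` module exists outside this patch the suite resolves only on case-insensitive filesystems and will fail on a case-sensitive one such as a typical Linux CI runner; use `require('../../../lib/glob')`. The cases also never exercise a pattern without `*` that contains a regex metacharacter, which is the path whose escaping changed in this commit. A constructed check such as `expect('java/axb'.search(new Glob('a.b'))>=0).toBeFalsy()` would pin the literal-match behaviour, and a pattern like `a(b` would show whether construction throws.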