From e0e2d0a6ac2e6c8d4bfda803165b0cf1a0a0b20b Mon Sep 17 00:00:00 2001
From: Tim Fish <tim@timfish.uk>
Date: Sat, 5 Aug 2023 17:06:37 +0200
Subject: [PATCH 1/2] fix(utils): `dirname` and `basename` should handle
 Windows paths

---
 packages/utils/src/path.ts       |  2 +-
 packages/utils/test/path.test.ts | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 packages/utils/test/path.test.ts

diff --git a/packages/utils/src/path.ts b/packages/utils/src/path.ts
index 16534a7ef358..821ad5c983a1 100644
--- a/packages/utils/src/path.ts
+++ b/packages/utils/src/path.ts
@@ -51,7 +51,7 @@ function normalizeArray(parts: string[], allowAboveRoot?: boolean): string[] {
 
 // Split a filename into [root, dir, basename, ext], unix version
 // 'root' is just a slash, or nothing.
-const splitPathRe = /^(\/?|)([\s\S]*?)((?:\.{1,2}|[^/]+?|)(\.[^./]*|))(?:[/]*)$/;
+const splitPathRe = /^(\S+:\\|\/?)([\s\S]*?)((?:\.{1,2}|[^/\\]+?|)(\.[^./\\]*|))(?:[/\\]*)$/;
 /** JSDoc */
 function splitPath(filename: string): string[] {
   const parts = splitPathRe.exec(filename);
diff --git a/packages/utils/test/path.test.ts b/packages/utils/test/path.test.ts
new file mode 100644
index 000000000000..6751dbfc9c56
--- /dev/null
+++ b/packages/utils/test/path.test.ts
@@ -0,0 +1,29 @@
+import { basename, dirname } from '../src/path';
+
+describe('path', () => {
+  describe('basename', () => {
+    test('unix', () => {
+      expect(basename('/foo/bar/baz/asdf/quux.html')).toEqual('quux.html');
+      expect(basename('../baz/asdf/quux.html')).toEqual('quux.html');
+      expect(basename('quux.html')).toEqual('quux.html');
+    });
+    test('windows', () => {
+      expect(basename('c:\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('quux.html');
+      expect(basename('..\\bar\\baz\\asdf\\quux.html')).toEqual('quux.html');
+      expect(basename('quux.html')).toEqual('quux.html');
+    });
+  });
+
+  describe('dirname', () => {
+    test('unix', () => {
+      expect(dirname('/foo/bar/baz/asdf/quux.html')).toEqual('/foo/bar/baz/asdf');
+      expect(dirname('../baz/asdf/quux.html')).toEqual('../baz/asdf');
+      expect(dirname('/quux.html')).toEqual('/');
+    });
+    test('windows', () => {
+      expect(dirname('C:\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('C:\\foo\\bar\\baz\\asdf');
+      expect(dirname('..\\bar\\baz\\asdf\\quux.html')).toEqual('..\\bar\\baz\\asdf');
+      expect(dirname('quux.html')).toEqual('.');
+    });
+  });
+});

From d677bd1717376d30908c93ab77c2e4debd027028 Mon Sep 17 00:00:00 2001
From: Tim Fish <tim@timfish.uk>
Date: Mon, 7 Aug 2023 14:04:35 +0200
Subject: [PATCH 2/2] Fix regex dos

---
 packages/utils/src/path.ts       | 5 ++++-
 packages/utils/test/path.test.ts | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/utils/src/path.ts b/packages/utils/src/path.ts
index 821ad5c983a1..7a65aa57b7c8 100644
--- a/packages/utils/src/path.ts
+++ b/packages/utils/src/path.ts
@@ -54,7 +54,10 @@ function normalizeArray(parts: string[], allowAboveRoot?: boolean): string[] {
 const splitPathRe = /^(\S+:\\|\/?)([\s\S]*?)((?:\.{1,2}|[^/\\]+?|)(\.[^./\\]*|))(?:[/\\]*)$/;
 /** JSDoc */
 function splitPath(filename: string): string[] {
-  const parts = splitPathRe.exec(filename);
+  // Truncate files names greater than 1024 characters to avoid regex dos
+  // https://github.com/getsentry/sentry-javascript/pull/8737#discussion_r1285719172
+  const truncated = filename.length > 1024 ? `<truncated>${filename.slice(-1024)}` : filename;
+  const parts = splitPathRe.exec(truncated);
   return parts ? parts.slice(1) : [];
 }
 
diff --git a/packages/utils/test/path.test.ts b/packages/utils/test/path.test.ts
index 6751dbfc9c56..3ba750830f1b 100644
--- a/packages/utils/test/path.test.ts
+++ b/packages/utils/test/path.test.ts
@@ -4,11 +4,13 @@ describe('path', () => {
   describe('basename', () => {
     test('unix', () => {
       expect(basename('/foo/bar/baz/asdf/quux.html')).toEqual('quux.html');
+      expect(basename('foo/bar/baz/asdf/quux.html')).toEqual('quux.html');
       expect(basename('../baz/asdf/quux.html')).toEqual('quux.html');
       expect(basename('quux.html')).toEqual('quux.html');
     });
     test('windows', () => {
       expect(basename('c:\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('quux.html');
+      expect(basename('\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('quux.html');
       expect(basename('..\\bar\\baz\\asdf\\quux.html')).toEqual('quux.html');
       expect(basename('quux.html')).toEqual('quux.html');
     });
@@ -17,11 +19,13 @@ describe('path', () => {
   describe('dirname', () => {
     test('unix', () => {
       expect(dirname('/foo/bar/baz/asdf/quux.html')).toEqual('/foo/bar/baz/asdf');
+      expect(dirname('foo/bar/baz/asdf/quux.html')).toEqual('foo/bar/baz/asdf');
       expect(dirname('../baz/asdf/quux.html')).toEqual('../baz/asdf');
       expect(dirname('/quux.html')).toEqual('/');
     });
     test('windows', () => {
       expect(dirname('C:\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('C:\\foo\\bar\\baz\\asdf');
+      expect(dirname('\\foo\\bar\\baz\\asdf\\quux.html')).toEqual('\\foo\\bar\\baz\\asdf');
       expect(dirname('..\\bar\\baz\\asdf\\quux.html')).toEqual('..\\bar\\baz\\asdf');
       expect(dirname('quux.html')).toEqual('.');
     });