From 4c885f33f363dc62e193c9d8f5a2200134ab6b31 Mon Sep 17 00:00:00 2001
From: wukunyu264 <wky13bj@163.com>
Date: Wed, 13 Aug 2025 17:07:05 +0800
Subject: [PATCH] Add files via upload

---
 js-tests/fen-redos.spec.js | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 js-tests/fen-redos.spec.js

diff --git a/js-tests/fen-redos.spec.js b/js-tests/fen-redos.spec.js
new file mode 100644
index 00000000..a00fd460
--- /dev/null
+++ b/js-tests/fen-redos.spec.js
@@ -0,0 +1,41 @@
+/* eslint-env mocha */
+const { expect } = require('chai');
+const { performance } = require('perf_hooks');
+const path = require('path');
+
+// —— 最小浏览器 & jQuery stub，避免 DOM 依赖 ——
+global.window = global;
+global.document = {};
+global.jQuery = function(){};
+global.$ = global.jQuery;
+
+
+const target = path.join(
+  __dirname,
+  '..',
+  'examples/wchess/wchess.wasm/chessboardjs-1.0.0/js/chessboard-1.0.0.js'
+);
+
+// 载入真实实现（会把 Chessboard 挂到全局）
+require(target);
+const Chessboard = global.Chessboard;
+
+describe('FEN sanitize ReDoS in whisper.cpp (fen = fen.replace(/ .+$/, \'\'))', function () {
+  this.timeout(60_000);
+
+  it('should complete within 2 seconds', function () {
+    const N = 100000; 
+    const attack = ' '.repeat(N) + '\n@';
+
+    const t0 = performance.now();
+    try { Chessboard.fenToObj(attack); } catch (_) {}
+    const ms = performance.now() - t0;
+
+
+    expect(ms).to.be.lessThan(2_000);
+  });
+});
+
+
+
+