mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 08:36:42 +08:00
SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20000)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
This commit is contained in:
parent
d574463c2d
commit
b32db6f2a3
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
module GitUrl
|
module GitUrl
|
||||||
class << self
|
class << self
|
||||||
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
|
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
|
||||||
|
|
||||||
def normalize(url)
|
def normalize(url)
|
||||||
if m = SSH_REGEXP.match(url)
|
if m = SSH_REGEXP.match(url)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user