mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 05:47:45 +08:00
SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20000)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
This commit is contained in:
parent
d574463c2d
commit
b32db6f2a3
|
@ -2,7 +2,7 @@
|
|||
|
||||
module GitUrl
|
||||
class << self
|
||||
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
|
||||
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
|
||||
|
||||
def normalize(url)
|
||||
if m = SSH_REGEXP.match(url)
|
||||
|
|
Loading…
Reference in New Issue
Block a user