SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20000)

Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
Bianca Nenciu 2023-01-25 18:55:01 +02:00 committed by GitHub
parent d574463c2d
commit b32db6f2a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -2,7 +2,7 @@
module GitUrl
class << self
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
def normalize(url)
if m = SSH_REGEXP.match(url)
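
Review bot: the `\A` and `\z` anchors on the new `SSH_REGEXP` line change which inputs `normalize` treats as SSH URLs, not only the matching cost, and nothing visible here documents or tests that. The old pattern was unanchored, so it matched an SSH-looking substring anywhere in `url`. The new one requires the whole string to match, and because `.` does not match a newline in Ruby without `/m`, a value with a trailing newline or leading non-word characters now falls through the `if m = SSH_REGEXP.match(url)` branch. If that stricter behaviour is intended, please add specs for the inputs that no longer match and a timing-bounded spec for a long run of word characters after the `@` with no `:`. A short comment above the constant saying why the host is written as `\w+(\.\w+)*` rather than `(\w+\.)*\w+` would help keep a later edit from reintroducing the ambiguity. Group numbering is preserved (the path is still the third capture), so `m[1]` and `m[3]` callers are unaffected. Making the inner group non-capturing with `(?:\.\w+)*` would make that explicit, but it would renumber the path capture to 2, so only do it together with the callers.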