discourse/lib/git_url.rb
Bianca Nenciu b32db6f2a3
SECURITY: Prevent ReDoS by making the SSH url regex unambiguous
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-01-25 18:55:01 +02:00


# frozen_string_literal: true
# Rewrites Git remote URLs into a canonical form.
module GitUrl
  class << self
    # scp-style remote: `user@host:path`.
    # Capture 1 is `user@host`, capture 3 is everything after the first colon.
    #
    # Security: the user and each host label are `\w+` runs separated by a
    # literal `@`, `.` or `:`, none of which `\w` can match. A given input can
    # therefore be divided in only one way, which avoids the backtracking
    # blow-up behind ReDoS. Keep that property when editing this pattern: do
    # not widen a label's character class to include one of the separators.
    #
    # Hosts with characters outside `\w` (for example `-`) do not match and
    # are left untouched by the SSH rewrite.
    SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/

    # Normalizes a Git remote URL.
    #
    # * `user@host:path` becomes `ssh://user@host/path`.
    # * `https://github.com/...` URLs lose one trailing slash and gain a
    #   `.git` suffix when they do not already end in `.git`.
    #
    # Any other string is returned unchanged. This method only rewrites; it
    # does not validate the scheme or host.
    # NOTE(review): callers passing the result to git presumably validate it
    # separately; confirm at the call sites.
    #
    # @param url [String] remote URL as entered
    # @return [String] the normalized URL
    def normalize(url)
      ssh = SSH_REGEXP.match(url)
      url = "ssh://#{ssh[1]}/#{ssh[3]}" if ssh

      return url unless url.start_with?("https://github.com/")
      return url if url.end_with?(".git")

      # The original strips a single trailing "/" before appending ".git".
      url.chomp("/") + ".git"
    end
  end
end