discourse/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-09 14:34:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20001)

Browse Source 
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
This commit is contained in:
Bianca Nenciu 2023-01-25 18:55:10 +02:00 committed by GitHub
parent 5849c81f1d
commit ec4c302708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/git_url.rb
View File

@ -2,7 +2,7 @@
module GitUrl
class << self
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
def normalize(url)
if m = SSH_REGEXP.match(url)