mirror of
https://github.com/discourse/discourse.git
synced 2025-03-09 14:34:35 +00:00
SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20001)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
This commit is contained in:
parent
5849c81f1d
commit
ec4c302708
@ -2,7 +2,7 @@
|
||||
|
||||
module GitUrl
|
||||
class << self
|
||||
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
|
||||
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
|
||||
|
||||
def normalize(url)
|
||||
if m = SSH_REGEXP.match(url)
|
||||
|
Loading…
x
Reference in New Issue
Block a user