From ec4c30270887366dc28788bc4ab8a22a098573cd Mon Sep 17 00:00:00 2001
From: Bianca Nenciu
Date: Wed, 25 Jan 2023 18:55:10 +0200
Subject: [PATCH] SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20001)
Co-authored-by: Daniel Waterworth
---
 lib/git_url.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/git_url.rb b/lib/git_url.rb
index 9410c1d3f86..90eefc0eb95 100644
--- a/lib/git_url.rb
+++ b/lib/git_url.rb
@@ -2,7 +2,7 @@
 module GitUrl
 class << self
- SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
+ SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/
 def normalize(url)
 if m = SSH_REGEXP.match(url)
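Review bot: The `\A`/`\z` anchors on the new `SSH_REGEXP` change which inputs `normalize` treats as SSH URLs, beyond the ReDoS fix, and the diffstat shows only lib/git_url.rb changed, so no spec pins either property. A string with leading whitespace, a scheme prefix before the `user@` part, or a trailing newline used to match from the middle and now does not match at all, so it falls through to the rest of `normalize`, whose body continues outside the hunk. I would add spec cases for those three inputs, plus one that passes a long run of word characters after the `@` with no `:` and asserts the call returns promptly. A comment above the constant would keep a later edit from reintroducing the ambiguity, for example `# Anchored, and each host label has exactly one parse, so matching stays linear (ReDoS fix).` The inner `(\.\w+)*` group only serves repetition, so named captures for host and path would make the match indexes that `normalize` presumably relies on less fragile.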