SECURITY: Prevent ReDOS by making the SSH url regex unambiguous (#20001)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
nbianca and danielwaterworth committed Jan 25, 2023
1 parent 5849c81 commit ec4c302
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/git_url.rb
Expand Up @@ -2,7 +2,7 @@

module GitUrl
class << self
SSH_REGEXP = /(\w+@(\w+\.)*\w+):(.*)/
SSH_REGEXP = /\A(\w+@\w+(\.\w+)*):(.*)\z/

def normalize(url)
if m = SSH_REGEXP.match(url)
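Review bot: the `\A` and `\z` anchors added to `SSH_REGEXP` narrow what matches, beyond removing the backtracking ambiguity, and the commit touches only `lib/git_url.rb`, so nothing pins the new behaviour down. The old pattern matched anywhere in the string; the new one requires the whole string to be an SSH URL. Because `.` does not match a newline here and `\z` does not permit one, a value with a trailing newline or leading whitespace now skips the `if m = SSH_REGEXP.match(url)` branch. If callers can pass unstripped input, strip it in `normalize` before matching (or use `\Z` if only a trailing newline should be tolerated). Please also add a spec covering a normal SSH URL, a URL with surrounding whitespace, and a long non-matching input as a regression test for the ReDoS. Minor: `(\.\w+)*` is still a capturing group, so the path stays at index 3 only by coincidence of group order; `(?:\.\w+)*` would make that explicit, provided the code using `m` is updated to the new index.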