Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(rest): fix incomplete hostname in regexp #6813

Merged
merged 1 commit into from Nov 20, 2020
Merged

Conversation

raymondfeng
Copy link
Contributor

@raymondfeng raymondfeng commented Nov 19, 2020

Github code scan reports the following issue:

Incomplete regular expression for hostnames
Matching a URL or hostname against a regular expression that contains an
unescaped dot as part of the hostname might match more hostnames than
expected.

See https://github.com/strongloop/loopback-next/security/code-scanning/6?query=ref%3Arefs%2Fheads%2Fmaster

Signed-off-by: Raymond Feng enjoyjava@gmail.com

Checklist

  • DCO (Developer Certificate of Origin) signed in all commits
  • npm test passes on your machine
  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style guide
  • API Documentation in code was updated
  • Documentation in /docs/site was updated
  • Affected artifact templates in packages/cli were updated
  • Affected example projects in examples/* were updated

馃憠 Check out how to submit a PR 馃憟

Github code scan reports the following issue:

Incomplete regular expression for hostnames
Matching a URL or hostname against a regular expression that contains an
unescaped dot as part of the hostname might match more hostnames than
expected.

Signed-off-by: Raymond Feng <enjoyjava@gmail.com>
Copy link
Member

@bajtos bajtos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 馃憤馃徎

@bajtos bajtos added the REST Issues related to @loopback/rest package and REST transport in general label Nov 20, 2020
@raymondfeng raymondfeng merged commit dd5c210 into master Nov 20, 2020
1 of 2 checks passed
@raymondfeng raymondfeng deleted the fix-url-regexp branch November 20, 2020 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
REST Issues related to @loopback/rest package and REST transport in general SECURITY
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants