This repository was archived by the owner on Jul 31, 2025. It is now read-only.

Potential fix for code scanning alert no. 4: Inefficient regular expression#4

Merged
builtbyjonas merged 1 commit into main from alert-autofix-4 on Jan 16, 2025

Conversation

@builtbyjonas

Collaborator

Potential fix for https://github.com/binary-blazer/foxfork/security/code-scanning/4

To fix the problem, we need to modify the regular expression to remove the ambiguity that leads to exponential backtracking. Specifically, we can replace the problematic part [^\s"*:<>?|]+ with a more precise pattern that avoids nested quantifiers. One approach is to use a non-capturing group with an atomic group to prevent backtracking.

  • Modify the regular expression on line 76 to use an atomic group (?>...) to prevent backtracking within the group.
  • Ensure that the new regular expression maintains the same functionality and correctly validates Windows paths.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
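The description above proposes an atomic group `(?>...)`, a construct that exists in PCRE, .NET and Java but not in ECMAScript regular expressions. The following is an added example, not code from the foxfork project or from the autofix, that compiles the original pattern, the proposed atomic-group pattern and an equivalent pattern with the nested quantifier removed, and checks them against constructed sample paths. The names `ORIGINAL`, `ATOMIC`, `SAFE`, `compile`, `mismatches`, `safeMatchesOriginal` and `safeRejectsLongInput` are assumptions of this example; the `SAFE` pattern relies on the observation that the segment class `[^\s"*:<>?|]` already matches `/` and `\`, so the optional separator group adds nothing to the language the regex accepts.

```javascript
// Added example (not code from the foxfork project): compares the original
// Windows-path regex, the proposed atomic-group edit, and an equivalent
// pattern without the ambiguous nested quantifier. All sample paths are
// constructed for this example.

// Original pattern from the diff. The segment class [^\s"*:<>?|] does not
// exclude '/' or '\', so the optional separator group after it is redundant,
// and (?:seg+ sep*)+ can split one run of path characters in exponentially
// many ways when the overall match fails.
const ORIGINAL = String.raw`^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?(?:[^\s"*:<>?|]+(?:[\/\\]+)?)+$`;

// The autofix's version: (?>...) is an atomic group in PCRE/.NET/Java, but
// ECMAScript has no atomic groups, so this is a syntax error in JavaScript.
const ATOMIC = String.raw`^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?(?>[^\s"*:<>?|]+(?:[\/\\]+)?)+$`;

// Equivalent pattern: because '/' and '\' are already members of the class,
// (?:[^\s"*:<>?|]+(?:[\/\\]+)?)+ accepts exactly the same strings as a single
// [^\s"*:<>?|]+, which has no nested quantifier and backtracks linearly.
const SAFE = String.raw`^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?[^\s"*:<>?|]+$`;

// Compile a pattern with the 'm' flag the project uses; return the error
// instead of throwing so callers can inspect what the engine did.
function compile(source) {
  try {
    return new RegExp(source, 'm');
  } catch (err) {
    return err;
  }
}

// True when the JavaScript engine refuses the atomic-group syntax.
function atomicGroupIsRejected() {
  return compile(ATOMIC) instanceof SyntaxError;
}

// Constructed sample inputs with the verdict the original regex gives them.
const SAMPLES = [
  ['C:\\Users\\alice\\report.txt', true],
  ['C:/Users/alice/report.txt', true],
  ['relative\\dir\\file', true],
  ['\\\\server\\share\\file', true], // '\' is in the class, so UNC passes
  ['C:\\Program Files\\app', false], // whitespace is excluded by the class
  ['C:\\bad|name', false],           // '|' is excluded by the class
  ['C:\\trailing.', false],          // rejected by the .*\.$ lookahead
  ['\\\\', false],                   // rejected by the \W+$ lookahead
  ['', false],                       // at least one path character required
];

// Run every sample through a regex and return the inputs whose verdict
// differs from the table (an empty array means full agreement).
function mismatches(regex, samples = SAMPLES) {
  return samples
    .filter(([input, expected]) => regex.test(input) !== expected)
    .map(([input]) => input);
}

// The safe pattern must agree with the original on every sample ...
function safeMatchesOriginal(samples = SAMPLES) {
  const original = compile(ORIGINAL);
  const safe = compile(SAFE);
  return samples.every(([input]) => original.test(input) === safe.test(input));
}

// ... and must reject a long non-matching input with linear backtracking.
// Do not feed this input to ORIGINAL: with the nested quantifier, the failing
// match is explored in roughly 2^n ways.
function safeRejectsLongInput(n = 100000) {
  const input = 'a'.repeat(n) + '"'; // '"' is excluded, so the match fails
  return compile(SAFE).test(input) === false;
}

console.log('atomic group rejected by this engine:', atomicGroupIsRejected());
console.log('inputs where SAFE disagrees with the table:', mismatches(compile(SAFE)));
console.log('SAFE agrees with ORIGINAL on all samples:', safeMatchesOriginal());
console.log('SAFE rejects the long input:', safeRejectsLongInput());
```

Running this under Node prints `true` for the atomic-group rejection, an empty mismatch list, and `true` for both equivalence and the long-input rejection. The equivalence holds because `(?:A+(?:S+)?)+` with `S` a subset of `A` accepts exactly the strings `A+` accepts, so the simplified pattern is a drop-in replacement rather than a behaviour change.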

…ession

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
builtbyjonas marked this pull request as ready for review January 16, 2025 22:03
builtbyjonas merged commit 85ec59e into main Jan 16, 2025
builtbyjonas deleted the alert-autofix-4 branch January 16, 2025 22:03
// Regex from Julio from: https://stackoverflow.com/questions/51494579/regex-windows-path-validator
if (
!/^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?(?:[^\s"*:<>?|]+(?:[\/\\]+)?)+$/m.test(
!/^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?(?>[^\s"*:<>?|]+(?:[\/\\]+)?)+$/m.test(
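Review bot: the added line replaces `(?:` with `(?>`, an atomic group that ECMAScript regular expressions do not support, so this regex literal throws a SyntaxError (V8 reports "Invalid group") as soon as the module is parsed, and the CodeQL annotation below shows the alert is still raised on the new line. The ambiguity comes from the segment class `[^\s"*:<>?|]` already matching `/` and `\`, which makes the optional `(?:[\/\\]+)?` redundant and lets the outer `(...)+` split one run of path characters in exponentially many ways when a match fails. Since `(?:A+(?:S+)?)+` with `S` a subset of `A` accepts exactly the strings `A+` does, replacing the repeated group with a single `[^\s"*:<>?|]+` keeps the accepted inputs unchanged and backtracks linearly:
`!/^(?!(?:.*\s|.*\.|\W+)$)(?:[A-Za-z]:)?[^\s"*:<>?|]+$/m.test(`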

Check failure

Code scanning / CodeQL

Inefficient regular expression

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '!/?>'.