Fix github.com matching #167
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
YiMysty
approved these changes
Sep 9, 2024
parkr
reviewed
Sep 10, 2024
| @@ -283,7 +283,7 @@ def pages_dot_github_dot_com? | |||
|
|
|||
| # Is this domain owned by GitHub? | |||
| def github_domain? | |||
| !!host.downcase.end_with?("github.com") | |||
| !!host.match(/(\A|\.)github\.com\.?\z/i) | |||
There was a problem hiding this comment.
Without a test, it's a bit difficult to know what potential problematic input this also handles. In general regular expressions are much slower in Ruby than string comparisons, but moreover they're a bit harder to audit/grok. I see it matches more cases like github.com. (trailing period) and enforces either strictly github.com or a subdomain thereof, but it's not necessarily clear what other cases you might want to include.
Checking host.downcase.eql?("github.com") || host.downcase.end_with?(".github.com") could be a more direct alternative if you're interested.
There was a problem hiding this comment.
👋 Always nice to see you around!
Thanks for the feedback 🙇. Here goes: #172
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses https://github.com/github/pages-health-check/security/code-scanning/1.
It just does better URL handling by relaying on a regular expression.