Fix potential exponential backtracking in regex in utils.parseExtensionSource

2025-08-02 03:37:16 +07:00 · 2022-01-22 02:25:58 +05:30
parent 9ca9ab33ef
commit c38f1acc38
2 changed files with 3 additions and 2 deletions
--- a/src/utils.ts
+++ b/src/utils.ts
@ -492,7 +492,8 @@ export async function parseExtensionSource(
  prefix: string
 ): Promise<string> {
  // Groups: extension, domain url, org, repo, release
-  const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
+  const regex =
+    /(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
  const matches = regex.exec(extension) as RegExpExecArray;
  matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
  return await joins(