mirror of
https://github.com/shivammathur/setup-php.git
synced 2024-11-26 13:23:05 +07:00
Fix potential exponential backtracking in regex in utils.parseExtensionSource
This commit is contained in:
parent
9ca9ab33ef
commit
c38f1acc38
2
dist/index.js
vendored
2
dist/index.js
vendored
@ -1177,7 +1177,7 @@ async function customPackage(pkg, type, version, os_version) {
|
|||||||
}
|
}
|
||||||
exports.customPackage = customPackage;
|
exports.customPackage = customPackage;
|
||||||
async function parseExtensionSource(extension, prefix) {
|
async function parseExtensionSource(extension, prefix) {
|
||||||
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
|
const regex = /(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
|
||||||
const matches = regex.exec(extension);
|
const matches = regex.exec(extension);
|
||||||
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
|
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
|
||||||
return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix);
|
return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix);
|
||||||
|
@ -492,7 +492,8 @@ export async function parseExtensionSource(
|
|||||||
prefix: string
|
prefix: string
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
// Groups: extension, domain url, org, repo, release
|
// Groups: extension, domain url, org, repo, release
|
||||||
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
|
const regex =
|
||||||
|
/(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
|
||||||
const matches = regex.exec(extension) as RegExpExecArray;
|
const matches = regex.exec(extension) as RegExpExecArray;
|
||||||
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
|
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
|
||||||
return await joins(
|
return await joins(
|
||||||
|
Loading…
Reference in New Issue
Block a user