actions/setup-php
1
0
Fork 0
mirror of https://github.com/shivammathur/setup-php.git synced 2025-10-30 23:07:56 +07:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential exponential backtracking in regex in utils.parseExtensionSource

Browse Source
This commit is contained in:
Shivam Mathur
2022-01-22 02:25:58 +05:30
parent 9ca9ab33ef
commit c38f1acc38
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dist/index.js vendored
View File

@ -1177,7 +1177,7 @@ async function customPackage(pkg, type, version, os_version) {
} }
exports.customPackage = customPackage; exports.customPackage = customPackage;
async function parseExtensionSource(extension, prefix) { async function parseExtensionSource(extension, prefix) {
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/; const regex = /(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
const matches = regex.exec(extension); const matches = regex.exec(extension);
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com'; matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix); return await joins('\nadd_extension_from_source', ...matches.splice(1, matches.length), prefix);

3
src/utils.ts
View File

@ -492,7 +492,8 @@ export async function parseExtensionSource(
prefix: string prefix: string
): Promise<string> { ): Promise<string> {
// Groups: extension, domain url, org, repo, release // Groups: extension, domain url, org, repo, release
const regex = /(\w+)-(.+:\/\/.+(?:[.:].+)+\/)?([\w.-]+)\/([\w.-]+)@(.+)/; const regex =
/(\w+)-(\w+:\/\/.{1,253}(?:[.:][^:/\s]{2,63})+\/)?([\w.-]+)\/([\w.-]+)@(.+)/;
const matches = regex.exec(extension) as RegExpExecArray; const matches = regex.exec(extension) as RegExpExecArray;
matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com'; matches[2] = matches[2] ? matches[2].slice(0, -1) : 'https://github.com';
return await joins( return await joins(