git-urls icon indicating copy to clipboard operation
git-urls copied to clipboard

Published 20 hours ago verified publisher icon whilp

Limit ReDOS by checking the length before running the regexp.

Open dlorenc opened this issue 2 years ago • 4 comments

Go doesn't support look-ahead assertions so I did this out of the regexp.

dlorenc avatar Nov 30 '23 19:11 dlorenc

This attempts to address CVE-2023-46402 and #24

dlorenc avatar Nov 30 '23 19:11 dlorenc

LGTM

hectorj2f avatar Dec 01 '23 11:12 hectorj2f

Tagging previous commiter for attention. @whilp @alokmenghrajani @isaaguilar Would it be possible to merge the PR and create a new release tag.

dilipkrai avatar Jan 10 '24 12:01 dilipkrai

I implemented something similar (see https://github.com/whilp/git-urls/pull/27) except I made my max len 8000, and it is still very performant.

mojotx avatar Feb 11 '24 15:02 mojotx