
fix: prevent ReDoS in URL regex pattern

Open bbonillachavez opened this issue 7 months ago • 2 comments

Description

This PR updates the URL validation regex in foundation.abide.js to address the ReDoS vulnerability. I plugged the new regex into -- https://regexr.com/ -- and made sure it matched the same cases as the old one. I used this ReDoS checker -- https://devina.io/redos-checker -- to ensure that the new regex wasn't vulnerable.

Types of changes

  • [ ] Documentation
  • [X] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (anything that would change an existing functionality)
  • [ ] Maintenance (refactor, code cleaning, development tools...)

Checklist

  • [X] I have read and follow the CONTRIBUTING.md document.
  • [X] The pull request title and template are correctly filled.
  • [X] The pull request targets the right branch (develop or develop-v...).
  • [X] My commits are correctly titled and contain all relevant information.
  • [X] I have updated the documentation accordingly to my changes (if relevant).
  • [X] I have added tests to cover my changes (if relevant).

bbonillachavez avatar Apr 11 '25 21:04 bbonillachavez
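The description mentions checking a replacement URL regex both for equivalent matching and for ReDoS safety. The script below is an added illustration of that kind of check; it is not Foundation's code and neither pattern is the regex from foundation.abide.js. It contrasts a constructed URL pattern with nested, overlapping repetition against a rewrite whose repetitions are separated by unambiguous delimiters, verifies both accept and reject the same sample inputs, and times both on input shaped to expose catastrophic backtracking. The pattern names, the sample URL list, and the time budget in `staysLinear` are assumptions made for this example.

```javascript
// Added example (not Foundation's code): comparing a backtracking-prone
// URL-ish pattern with a linear-time rewrite and timing both on input
// built to trigger catastrophic backtracking. Runs under Node.js.
//
// Both patterns are constructed for this illustration; neither is the
// regex from foundation.abide.js.

// Hypothetical "before": `[a-z0-9]+` repeated inside an outer `+`, with the
// dot optional. A run of label characters followed by a character that cannot
// match forces the engine to try every way of splitting the run between the
// inner and outer repetition, so the failing match costs O(2^n).
const VULNERABLE_HOST = /^(?:https?:\/\/)?(?:[a-z0-9]+\.?)+(?:\/.*)?$/i;

// Hypothetical "after": every further label must start with a literal dot and
// the path must start with a literal slash, so there is exactly one way to
// partition any input and a failing match costs O(n).
const SAFE_HOST = /^(?:https?:\/\/)?[a-z0-9-]+(?:\.[a-z0-9-]+)*(?:\/[^\s]*)?$/i;

// Time a single regex test; returns whether it matched and the elapsed time.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, elapsedMs };
}

// Constructed adversarial input: a long run of label characters ending in a
// character no alternative can consume, so the overall match must fail only
// after the engine has exhausted its backtracking options.
function adversarialInput(n) {
  return 'a'.repeat(n) + '!';
}

// Budget check: run the pattern against adversarial input of growing length
// and report whether every run stayed under `budgetMs`. A linear-time pattern
// passes comfortably; a backtracking-prone one blows the budget well before
// n reaches 30.
function staysLinear(re, maxN, budgetMs) {
  for (let n = 8; n <= maxN; n += 4) {
    const { elapsedMs } = timeMatch(re, adversarialInput(n));
    if (elapsedMs > budgetMs) return false;
  }
  return true;
}

// Constructed sample inputs with the expected verdict; a replacement regex
// must agree with the original on cases like these before it can be swapped in.
const SAMPLE_URLS = [
  ['https://example.com/path?q=1', true],
  ['example.com', true],
  ['http://sub.domain.example/', true],
  ['not a url', false],
  ['http://', false],
];

// True when the pattern gives the expected verdict for every sample.
function checkSamples(re) {
  return SAMPLE_URLS.every(([url, expected]) => re.test(url) === expected);
}

// Print a small comparison table. Lengths are kept short for the vulnerable
// pattern because its cost doubles with every added character.
function demo() {
  console.log('samples agree (vulnerable):', checkSamples(VULNERABLE_HOST));
  console.log('samples agree (safe):      ', checkSamples(SAFE_HOST));
  for (const n of [12, 16, 20]) {
    const v = timeMatch(VULNERABLE_HOST, adversarialInput(n));
    const s = timeMatch(SAFE_HOST, adversarialInput(n));
    console.log(`n=${n}: vulnerable ${v.elapsedMs.toFixed(2)} ms, safe ${s.elapsedMs.toFixed(3)} ms`);
  }
  console.log('safe pattern stays linear up to n=400:', staysLinear(SAFE_HOST, 400, 50));
}

if (typeof require !== 'undefined' && require.main === module) {
  demo();
}

module.exports = { VULNERABLE_HOST, SAFE_HOST, timeMatch, adversarialInput, staysLinear, checkSamples };
```

The two checks mirror the two steps in the description: `checkSamples` is the equivalence check (does the new pattern accept and reject what the old one did), and `staysLinear` is the ReDoS check (does the cost of a failing match grow linearly with input length). The structural reason the rewrite is safe is that no two adjacent repetitions can consume the same characters; that property is what a ReDoS checker such as the one linked in the description is looking for.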