kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Get rid of exponential backtracks found by CodeQL

Browse source 
Since these regexps are used at build/installation, they are not
vulnerabilities.
This commit is contained in:
Nobuyoshi Nakada 2021-10-30 00:40:21 +09:00
parent 6cee10d8fd
commit 99c60d4b25
Notes: git 2021-10-30 02:23:03 +09:00
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tool/mkconfig.rb
View file

@ -88,7 +88,7 @@ File.foreach "config.status" do |line|
unless $install_name
$install_name = "ruby"
val.gsub!(/\$\$/, '$')
val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
|addr, cmd, sep, pat, rep, opt|
if addr
Regexp.new(addr[/\A\/(.*)\/\z/, 1]) =~ $install_name or next

2
tool/rbinstall.rb
View file

@ -504,7 +504,7 @@ $script_installer = Class.new(installer) do
if trans = CONFIG["program_transform_name"]
exp = []
trans.gsub!(/\$\$/, '$')
trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
|addr, cmd, sep, pat, rep, opt|
addr &&= Regexp.new(addr[/\A\/(.*)\/\z/, 1])
case cmd