mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
Get rid of exponential backtracks found by CodeQL
Since these regexps are used at build/installation, they are not vulnerabilities.
This commit is contained in:
Nobuyoshi Nakada
parent
6cee10d8fd
commit
99c60d4b25
Notes:
git
2021-10-30 02:23:03 +09:00
2 changed files with 2 additions and 2 deletions
|
|
@ -88,7 +88,7 @@ File.foreach "config.status" do |line|
|
||||||
unless $install_name
|
unless $install_name
|
||||||
$install_name = "ruby"
|
$install_name = "ruby"
|
||||||
val.gsub!(/\$\$/, '$')
|
val.gsub!(/\$\$/, '$')
|
||||||
val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
|
val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
|
||||||
|addr, cmd, sep, pat, rep, opt|
|
|addr, cmd, sep, pat, rep, opt|
|
||||||
if addr
|
if addr
|
||||||
Regexp.new(addr[/\A\/(.*)\/\z/, 1]) =~ $install_name or next
|
Regexp.new(addr[/\A\/(.*)\/\z/, 1]) =~ $install_name or next
|
||||||
|
|
|
||||||
|
|
@ -504,7 +504,7 @@ $script_installer = Class.new(installer) do
|
||||||
if trans = CONFIG["program_transform_name"]
|
if trans = CONFIG["program_transform_name"]
|
||||||
exp = []
|
exp = []
|
||||||
trans.gsub!(/\$\$/, '$')
|
trans.gsub!(/\$\$/, '$')
|
||||||
trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
|
trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
|
||||||
|addr, cmd, sep, pat, rep, opt|
|
|addr, cmd, sep, pat, rep, opt|
|
||||||
addr &&= Regexp.new(addr[/\A\/(.*)\/\z/, 1])
|
addr &&= Regexp.new(addr[/\A\/(.*)\/\z/, 1])
|
||||||
case cmd
|
case cmd
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue