diff options
author | Heinrich Lee Yu <heinrich@gitlab.com> | 2019-06-12 22:48:38 +0800 |
---|---|---|
committer | Heinrich Lee Yu <heinrich@gitlab.com> | 2019-06-25 09:06:26 +0800 |
commit | 717824144f8181bef524592eab882dd7525a60ef (patch) | |
tree | 34ab75284acca146e6aa0a5f16429e485e81cb97 /app/validators | |
parent | db9783f7826ed5ba58a8941dd80a1cd7dda517b0 (diff) | |
download | gitlab-ce-717824144f8181bef524592eab882dd7525a60ef.tar.gz |
Fix color validation regex
Also prevents ReDoS vulnerability
Diffstat (limited to 'app/validators')
-rw-r--r-- | app/validators/color_validator.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/validators/color_validator.rb b/app/validators/color_validator.rb index 1932d042e83..974dfbbf394 100644 --- a/app/validators/color_validator.rb +++ b/app/validators/color_validator.rb @@ -12,7 +12,7 @@ # end # class ColorValidator < ActiveModel::EachValidator - PATTERN = /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/.freeze + PATTERN = /\A\#(?:[0-9A-Fa-f]{3}){1,2}\Z/.freeze def validate_each(record, attribute, value) unless value =~ PATTERN |