author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-10-30 00:40:21 +0900 |
---|---|---|
committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-10-30 02:22:42 +0900 |
commit | 99c60d4b25040d712fbed2ffcc8e1044c5e0fe07 (patch) | |
tree | ae5a2af2b898081041d30d80af187f672f6153f0 | |
parent | 6cee10d8fd679801abcc2eb1350bb2cd81048f39 (diff) | |
Get rid of exponential backtracks found by CodeQL
Since these regexps are used at build/installation, they are not
vulnerabilities.
-rwxr-xr-x | tool/mkconfig.rb | 2 | ||||
-rwxr-xr-x | tool/rbinstall.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/tool/mkconfig.rb b/tool/mkconfig.rb
index 6db60724e9..6e23af5185 100755
--- a/tool/mkconfig.rb
+++ b/tool/mkconfig.rb
@@ -88,7 +88,7 @@ File.foreach "config.status" do |line|
 unless $install_name
 $install_name = "ruby"
 val.gsub!(/\$\$/, '$')
- val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
+ val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
 |addr, cmd, sep, pat, rep, opt|
 if addr
 Regexp.new(addr[/\A\/(.*)\/\z/, 1]) =~ $install_name or next
diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
index 6629b4aa73..170a1707d0 100755
--- a/tool/rbinstall.rb
+++ b/tool/rbinstall.rb
@@ -504,7 +504,7 @@ $script_installer = Class.new(installer) do
 if trans = CONFIG["program_transform_name"]
 exp = []
 trans.gsub!(/\$\$/, '$')
- trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
+ trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
 |addr, cmd, sep, pat, rep, opt|
 addr &&= Regexp.new(addr[/\A\/(.*)\/\z/, 1])
 case cmd
|
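Review bot: The switch from `*` to `*+` in the `val.scan` pattern (and in the identical `trans.scan` pattern in tool/rbinstall.rb) is not only a performance change, and nothing next to the regexp says so. Because `[^/]` and `.` also match a backslash, the old pattern could backtrack and re-read a backslash before the delimiter as a literal character; with the possessive form `\\.` always wins, so such a script now appears to stop matching and `scan` would skip it without a message. I would add a comment above each call such as `# possessive (*+): a backslash always escapes the next char; an unterminated script fails fast instead of backtracking`. The two copies of the regexp have to be kept in sync by hand, which is worth noting in the same comment. The scan block's body continues outside both hunks.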