download_strategy: In regexps, only allow valid hostname characters

> This regular expression has an unrestricted wildcard '.+?' which may cause 'googlecode\.com/svn' to be matched anywhere in the URL, outside the hostname.
Issy Long 2022-04-15 16:23:54 +01:00
parent f8d9a5c2db
commit 94d8bd5d32
No known key found for this signature in database
GPG Key ID: 8247C390DADC67D4


@ -1404,18 +1404,18 @@ class DownloadStrategyDetector
when %r{^https?://www\.apache\.org/dyn/closer\.cgi}, when %r{^https?://www\.apache\.org/dyn/closer\.cgi},
%r{^https?://www\.apache\.org/dyn/closer\.lua} %r{^https?://www\.apache\.org/dyn/closer\.lua}
CurlApacheMirrorDownloadStrategy CurlApacheMirrorDownloadStrategy
when %r{^https?://(.+?\.)?googlecode\.com/svn}, when %r{^https?://([A-Za-z0-9\-.]+\.)?googlecode\.com/svn},
%r{^https?://svn\.}, %r{^https?://svn\.},
%r{^svn://}, %r{^svn://},
%r{^svn\+http://}, %r{^svn\+http://},
%r{^http://svn\.apache\.org/repos/}, %r{^http://svn\.apache\.org/repos/},
%r{^https?://(.+?\.)?sourceforge\.net/svnroot/} %r{^https?://([A-Za-z0-9\-.]+\.)?sourceforge\.net/svnroot/}
SubversionDownloadStrategy SubversionDownloadStrategy
when %r{^cvs://} when %r{^cvs://}
CVSDownloadStrategy CVSDownloadStrategy
when %r{^hg://}, when %r{^hg://},
%r{^https?://(.+?\.)?googlecode\.com/hg}, %r{^https?://([A-Za-z0-9\-.]+\.)?googlecode\.com/hg},
%r{^https?://(.+?\.)?sourceforge\.net/hgweb/} %r{^https?://([A-Za-z0-9\-.]+\.)?sourceforge\.net/hgweb/}
MercurialDownloadStrategy MercurialDownloadStrategy
when %r{^bzr://} when %r{^bzr://}
BazaarDownloadStrategy BazaarDownloadStrategy
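Review bot: The four rewritten googlecode/sourceforge patterns still anchor with `^`, which in Ruby matches at the start of any line rather than the start of the string, so the new host restriction only holds if the URL contains no embedded newline. Whether a URL with a newline can reach this `case` is not visible here, since the statement begins and ends outside the hunk. Using `\A` would make the anchoring unconditional, e.g. `%r{\Ahttps?://([A-Za-z0-9\-.]+\.)?googlecode\.com/svn}`, and the same applies to the `/hg`, `/svnroot/` and `/hgweb/` variants. The change would also benefit from a spec asserting that a URL with `googlecode.com/svn` only in its path, on an unrelated host, no longer selects `SubversionDownloadStrategy`. Note too that the new class excludes `@`, so URLs carrying userinfo before the host stop matching these branches; a short comment such as `# host part only: letters, digits, '-' and '.'` above the patterns would record that this is intended.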