Fix - Incomplete regular expression for hostnames (#1993)

Fixed the codeql issue ``` Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts. If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping regular-expression meta-characters such as .. Even if the check is not used in a security-critical context, the incomplete check may still cause undesirable behavior when it accidentally succeeds. ```
GoogleContainerTools · Mar 16, 2022 · 7839799 · 7839799
1 parent 34b2c34
commit 7839799
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -20,7 +20,7 @@ const (
 	// RootDir is the path to the root directory
 	RootDir = "/"
 
-	//KanikoDir is the path to the Kaniko directory
+	// KanikoDir is the path to the Kaniko directory
 	KanikoDir = "/kaniko"
 
 	IgnoreListPath = "/proc/self/mountinfo"
@@ -76,8 +76,9 @@ const (
 var ScratchEnvVars = []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}
 
 // AzureBlobStorageHostRegEx is ReqEX for Valid azure blob storage host suffix in url for AzureCloud, AzureChinaCloud, AzureGermanCloud and AzureUSGovernment
-var AzureBlobStorageHostRegEx = []string{"https://(.+?).blob.core.windows.net/(.+)",
-	"https://(.+?).blob.core.chinacloudapi.cn/(.+)",
-	"https://(.+?).blob.core.cloudapi.de/(.+)",
-	"https://(.+?).blob.core.usgovcloudapi.net/(.+)",
+var AzureBlobStorageHostRegEx = []string{
+	"https://(.+?)\\.blob\\.core\\.windows\\.net/(.+)",
+	"https://(.+?)\\.blob\\.core\\.chinacloudapi\\.cn/(.+)",
+	"https://(.+?)\\.blob\\.core\\.cloudapi\\.de/(.+)",
+	"https://(.+?)\\.blob\\.core\\.usgovcloudapi\\.net/(.+)",
 }