Fix code scanning alert no. 328: Inefficient regular expression #2268

Merged
merged 1 commit into from
Nov 12, 2024

@kdinev kdinev commented Nov 12, 2024

Fixes https://github.com/IgniteUI/ignite-ui/security/code-scanning/328

To fix the problem, we need to modify the regular expression to remove the ambiguity that causes exponential backtracking. Specifically, we should replace the ambiguous character class `[\w\$\-]+` with a more precise pattern that avoids ambiguity.

The best way to fix this without changing existing functionality is to use a non-ambiguous character class. We can replace `[\w\$\-]+` with `(?:[\w\$-]+)` to ensure that the repetition is non-ambiguous.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
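
A reviewer's regression check for a rewrite like the one described above, as an added example that is not part of the pull request or the project's code: it compares what the two quoted fragments accept and measures how a failing match scales with input length. The `^`/`$` anchors, the sample strings and the helper names are assumptions made for the illustration.

```javascript
// Added example: regression check for a character-class rewrite in a regex fix.
// The two fragments are the ones quoted in the PR description; the anchors,
// sample inputs and helper names are constructed for this illustration.
const before = /^[\w\$\-]+$/;
const after = /^(?:[\w\$-]+)$/;

// Compare the accepted single characters over the whole Latin-1 range.
function classDifferences(a, b) {
  const diffs = [];
  for (let cp = 0; cp < 256; cp++) {
    const ch = String.fromCharCode(cp);
    if (a.test(ch) !== b.test(ch)) diffs.push(cp);
  }
  return diffs;
}

// Compare match verdicts on constructed identifiers, including rejects.
function sameVerdicts(a, b, samples) {
  return samples.every((s) => a.test(s) === b.test(s));
}

// Time a failing match at growing input sizes; a time ratio that keeps
// climbing well past 2x per doubling points at superlinear backtracking.
function timeGrowth(re, sizes) {
  return sizes.map((n) => {
    const input = "a".repeat(n) + "!"; // trailing "!" forces a non-match
    const start = process.hrtime.bigint();
    const matched = re.test(input);
    const ns = Number(process.hrtime.bigint() - start);
    return { n, matched, ns };
  });
}

// Constructed sample inputs: valid identifiers plus strings that must fail.
const samples = ["data-bind", "$root", "a_b-c$1", "", "a b", "a.b", "-", "x!"];
console.log("class differences:", classDifferences(before, after));
console.log("same verdicts:", sameVerdicts(before, after, samples));
for (const re of [before, after]) {
  console.log(re.source, timeGrowth(re, [1000, 2000, 4000, 8000]));
}
```

Run the same harness against the full expression flagged by the alert, before and after the change, to confirm that both the accepted inputs and the timing curve are what the fix intends.
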

@coveralls

Coverage Status

coverage: 84.637% (+0.004%) from 84.633% when pulling f2f28d8 on alert-autofix-328 into 4b9798f on master.

@kdinev kdinev marked this pull request as ready for review November 12, 2024 12:16
@kdinev kdinev requested a review from ChronosSF November 12, 2024 12:16
@ChronosSF ChronosSF merged commit da1793f into master Nov 12, 2024
4 checks passed
@ChronosSF ChronosSF deleted the alert-autofix-328 branch November 12, 2024 14:54