Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix code scanning alert no. 26: Inefficient regular expression #2265

Merged
merged 3 commits into from
Nov 6, 2024

Conversation

kdinev
Copy link
Member

@kdinev kdinev commented Nov 5, 2024

Fixes https://github.com/IgniteUI/ignite-ui/security/code-scanning/26

To fix the problem, we need to modify the regular expression to remove the ambiguity that leads to exponential backtracking. Specifically, we should avoid nested quantifiers and ensure that each part of the regular expression can only match in one way.

The problematic part [\w\$\-]+(\.|\s)?[\w\$\-]* can be restructured to avoid nested quantifiers. We can achieve this by breaking down the pattern into more specific parts that do not overlap in their matching capabilities.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@coveralls
Copy link

coveralls commented Nov 5, 2024

Coverage Status

coverage: 84.637% (+0.004%) from 84.633%
when pulling 872fd25 on alert-autofix-26
into 6543c16 on master.

@kdinev kdinev marked this pull request as ready for review November 5, 2024 14:54
@kdinev kdinev requested a review from ChronosSF November 6, 2024 12:45
@ChronosSF ChronosSF merged commit 4b9798f into master Nov 6, 2024
4 checks passed
@ChronosSF ChronosSF deleted the alert-autofix-26 branch November 6, 2024 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants