Skip to content

PM-971 Allow hyphen in url - asset library #1621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Mar 26, 2025
Merged

PM-971 Allow hyphen in url - asset library #1621

Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ff855cf
Allow hyphen in url - asset library
Mar 26, 2025
a70e1a5
git copilot suggestion
Mar 26, 2025
4d24155
Redo the fix with minimal change
Mar 26, 2025
6a43f63
Codeql test
Mar 26, 2025
619b5c0
re-iterate with codeql
Mar 26, 2025
1dee45f
Retest performance
Mar 26, 2025
a0fe205
Potential fix for code scanning alert no. 27: Inefficient regular exp…
himaniraghav3 Mar 26, 2025
374be0c
revert codeql suggestion
Mar 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/util/validation.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
/**
* regex for url validation
*/
const urlRegex = /((https?):\/\/)?(www.)?[a-z0-9]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/
const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/

Check failure

Code scanning / CodeQL

Inefficient regular expression High

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '#'.

Copilot Autofix

AI about 2 months ago

To fix the problem, we need to remove the ambiguity in the regular expression that can cause exponential backtracking. Specifically, we should modify the part [a-zA-Z0-9#-]+ to ensure that the character # is not matched in multiple ways. We can achieve this by using a more specific character class or by restructuring the regular expression to avoid ambiguous matches.

The best way to fix this without changing existing functionality is to replace [a-zA-Z0-9#-]+ with a more precise pattern that avoids ambiguity. For example, we can use [\w-]+ to match word characters and hyphens, and handle the # character separately if needed.

Suggested changeset 1
src/util/validation.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/util/validation.js b/src/util/validation.js
--- a/src/util/validation.js
+++ b/src/util/validation.js
@@ -60,3 +60,3 @@
  */
-const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/
+const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[\w-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/
 
EOF
@@ -60,3 +60,3 @@
*/
const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/
const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[\w-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/

Copilot is powered by AI and may make mistakes. Always verify output.

/**
* validation schema for add link form in assets library
Expand Down