Commit faa7e4f
GCLOUD: Bugfix: Incomplete regular expression for hostnames (#4111)

Potential fix for
[https://github.com/StackExchange/dnscontrol/security/code-scanning/44](https://github.com/StackExchange/dnscontrol/security/code-scanning/44)

To fix the problem, all literal dots in the hostname portion of the
regex must be escaped so they are treated as literal periods instead of
“any character”. Since the base URL is held in `selfLinkBasePath` and
then concatenated into the regex, the best approach is to escape the
dots in `selfLinkBasePath` at construction time (while keeping `/` and
`:` unescaped), so that the resulting full regex behaves as intended and
still clearly expresses the expected URL prefix.

Concretely, in `providers/gcloud/gcloudProvider.go`, keep
`selfLinkBasePath` as a normal string constant for use elsewhere, but
when building `networkURLCheck`, wrap `selfLinkBasePath` with
`regexp.QuoteMeta`. Then append the rest of the regex (project ID and
network name parts) as before. `regexp.QuoteMeta(selfLinkBasePath)` will
escape all regex metacharacters (including `.`), eliminating the
over-permissive matching on the host, while preserving the intended
matching of path structure and constraints on project/network names. No
new imports are needed, since `regexp` is already imported. The only
line to change is the definition of `networkURLCheck`.

_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

1 parent 95519f6 commit faa7e4f
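The effect of the fix described in the commit message, as an added Go example that is not the project's own code. The value of `selfLinkBasePath` and the project/network tail are assumed here because the page does not show them, and the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed values: the page names selfLinkBasePath and networkURLCheck but does
// not show them, so the base URL and the project/network tail are constructed.
const selfLinkBasePath = "https://www.googleapis.com/compute/v1/projects/"
const tail = `[a-z][-a-z0-9]{4,28}[a-z0-9]/global/networks/[a-z][-a-z0-9]{0,62}$`

// Before: the base path is concatenated raw, so each "." matches any character.
var looseCheck = regexp.MustCompile("^" + selfLinkBasePath + tail)

// After: QuoteMeta escapes the dots; "/" and ":" are not metacharacters.
var strictCheck = regexp.MustCompile("^" + regexp.QuoteMeta(selfLinkBasePath) + tail)

// Verdict records how both patterns treat one candidate URL.
type Verdict struct {
	URL           string
	Loose, Strict bool
}

// Compare runs every candidate through both patterns.
func Compare(urls []string) []Verdict {
	out := make([]Verdict, 0, len(urls))
	for _, u := range urls {
		out = append(out, Verdict{u, looseCheck.MatchString(u), strictCheck.MatchString(u)})
	}
	return out
}

// Samples returns constructed inputs: one well-formed URL and three altered hosts.
func Samples() []string {
	return []string{
		"https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default",
		"https://wwwXgoogleapis.com/compute/v1/projects/my-project/global/networks/default",
		"https://www.googleapis-com/compute/v1/projects/my-project/global/networks/default",
		"https://www.googleapis.com.example/compute/v1/projects/my-project/global/networks/default",
	}
}

func main() {
	for _, v := range Compare(Samples()) {
		fmt.Printf("loose=%-5v strict=%-5v %s\n", v.Loose, v.Strict, v.URL)
	}
}
```

The second and third samples are the ones that separate the two patterns; the fourth is rejected by both because the path structure after the host is already constrained.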
1 file changed, +1 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
44 | 44 | | |
45 | 45 | | |
46 | 46 | | |
47 | | - | |
| 47 | + | |
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
| |||
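Review bot: The replacement at line 47 lands with no accompanying test (the commit touches 1 file, +1/-1), so nothing guards the escaped host match against a later refactor. Add a table-driven test for `networkURLCheck` that accepts a well-formed network URL and rejects one whose host has a dot swapped for another character. Since `regexp.QuoteMeta` only addresses the metacharacters in `selfLinkBasePath`, also confirm the pattern is anchored at both ends.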