Conversation
| r"https?://codeload.github.com/(?P<namespace>.+)/(?P<name>.+)/" | ||
| r"(zip|tar.gz|tar.bz2|tgz)/(.*/)*" | ||
| r"https?://codeload\.github\.com/(?P<namespace>.+)/(?P<name>.+)/" | ||
| r"(zip|tar\.gz|tar\.bz2|tgz)/([^/]*/)*" |
There was a problem hiding this comment.
Reason for this change from (.*/)* to ([^/]*/)* can be found here:
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
| r"https?://github\.com/downloads/(?P<namespace>.+)/(?P<name>.+)/" | ||
| r"((?P=name)(-|@)?)?" | ||
| r"(?P<version_prefix>v|V?)(?P<version>.+).(zip|tar.gz|tar.bz2|.tgz)" | ||
| r"(?P<version_prefix>v|V?)(?P<version>.+)\.(zip|tar\.gz|tar\.bz2|tgz)" |
There was a problem hiding this comment.
This also fixes a bug with tgz files, since it would previously match
v1.2.3.tgz as { version="1.2.", extension=".tgz" }
as opposed to { version="1.2.3", extension="tgz" }
due to the double unescaped . here.
See for clarification: https://regex101.com/r/luaRIy/1
|
Thanks! do you mind to resolve the conflicts that emerged since so we can merge? |
|
@pombredanne I've resolved the merge conflicts |
pombredanne
left a comment
pombredanne
left a comment
There was a problem hiding this comment.
Thanks and sorry for the late review: can you ensure that you do not mixing changing the values and updating the coding in the same PR?
| # https://sourceforge.net/projects/spacesniffer/files/spacesniffer_1_3_0_2.zip/download | ||
| sourceforge_download_pattern_bis = ( | ||
| r"^https?://.*sourceforge.net/projects/" | ||
| r"^https?://((master|iweb)\.dl\.)?sourceforge\.net/projects/" |
There was a problem hiding this comment.
There are many subdomains ... so we cannot limit this to master or iweb
2 participants
Fixes #140