Remove nested quantifiers from regex

ab5b735b · dcouture · e38dc069 · ab5b735b · ab5b735b · ab5b735b
Commit ab5b735b authored Dec 01, 2020 by dcouture
3 changed files
--- a/app/models/custom_emoji.rb
+++ b/app/models/custom_emoji.rb
@@ -17,7 +17,7 @@ class CustomEmoji < ApplicationRecord
    uniqueness: { scope: [:namespace_id, :name] },
    presence: true,
    length: { maximum: 36 },
-    format: { with: /\A([a-z0-9]+[-_]?)+[a-z0-9]+\z/ }
+    format: { with: /\A[a-z0-9][a-z0-9\-_]*[a-z0-9]\z/ }

  private


--- a/changelogs/unreleased/custom-emoji-name-validation.yml
+++ b/changelogs/unreleased/custom-emoji-name-validation.yml
+---
+title: Fix regular expression backtracking issue in custom emoji name validation
+merge_request:
+author:
+type: security
--- a/spec/models/custom_emoji_spec.rb
+++ b/spec/models/custom_emoji_spec.rb
@@ -22,6 +22,15 @@ RSpec.describe CustomEmoji do
      expect(new_emoji.errors.messages).to eq(name: ["#{emoji_name} is already being used for another emoji"])
    end

+    it 'disallows very long invalid emoji name without regular expression backtracking issues' do
+      new_emoji = build(:custom_emoji, name: 'a' * 10000 + '!', group: group)
+
+      Timeout.timeout(1) do
+        expect(new_emoji).not_to be_valid
+        expect(new_emoji.errors.messages).to eq(name: ["is too long (maximum is 36 characters)", "is invalid"])
+      end
+    end
+
    it 'disallows duplicate custom emoji names within namespace' do
      old_emoji = create(:custom_emoji, group: group)
      new_emoji = build(:custom_emoji, name: old_emoji.name, namespace: old_emoji.namespace, group: group)