31 lines
1.4 KiB
Diff
31 lines
1.4 KiB
Diff
From a7cda7e6aa5334ab41b1f4b0f671be931be946ef Mon Sep 17 00:00:00 2001
|
|
From: John Hawthorn <john@hawthorn.email>
|
|
Date: Wed, 11 Jan 2023 10:14:55 -0800
|
|
Subject: [PATCH] Avoid regex backtracking in Inflector.underscore
|
|
|
|
[CVE-2023-22796]
|
|
---
|
|
activesupport/lib/active_support/inflector/methods.rb | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/activesupport-5.2.4.4/lib/active_support/inflector/methods.rb b/activesupport-5.2.4.4/lib/active_support/inflector/methods.rb
|
|
index ad136532bf..acb86fe1a4 100644
|
|
--- a/activesupport-5.2.4.4/lib/active_support/inflector/methods.rb
|
|
+++ b/activesupport-5.2.4.4/lib/active_support/inflector/methods.rb
|
|
@@ -93,8 +93,7 @@ def underscore(camel_cased_word)
|
|
return camel_cased_word unless /[A-Z-]|::/.match?(camel_cased_word)
|
|
- word = camel_cased_word.to_s.gsub("::".freeze, "/".freeze)
|
|
- word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_'.freeze }#{$2.downcase}" }
|
|
+ word = camel_cased_word.to_s.gsub("::", "/")
|
|
+ word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
|
|
- word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2'.freeze)
|
|
- word.gsub!(/([a-z\d])([A-Z])/, '\1_\2'.freeze)
|
|
+ word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
|
|
- word.tr!("-".freeze, "_".freeze)
|
|
+ word.tr!("-", "_")
|
|
word.downcase!
|
|
word
|
|
--
|
|
2.35.1
|
|
|