@habib-deriv
Contributor

Potential fix for https://github.com/deriv-com/deriv-utils/security/code-scanning/2

To fix the issue, we need to replace the overly permissive range `,-;` with an explicit list of the intended characters: `,`, `-`, and `;`. This ensures that the regex matches only the desired characters and avoids unintended matches. The corrected regex will explicitly list all allowed characters without relying on ambiguous ranges.

The specific change will be made to the `addressState` pattern on line 34. The updated regex will replace `,-;` with `,;-` to explicitly include only the intended characters.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…r expression range

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
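
An added example, not part of this PR or of the deriv-utils code base: a small check that finds unescaped ranges inside a character-class body and lists every character each one covers, which shows why `,-;` is a range and `,;-` is three literals. The function names are hypothetical and the class bodies are constructed minimal cases, not the project's `addressState` pattern.

```javascript
// Added example. The class bodies passed in below are constructed minimal
// cases, not the project's addressState pattern.

// Split a character-class body into atoms. Assumption: escapes of letters or
// digits (\d, \w, \n, ...) are treated as opaque and never form a range.
function parseAtoms(body) {
  const atoms = [];
  for (let i = 0; i < body.length; i++) {
    if (body[i] === "\\" && i + 1 < body.length) {
      const c = body[++i];
      atoms.push(/[A-Za-z0-9]/.test(c) ? { opaque: c } : { ch: c });
    } else {
      atoms.push({ ch: body[i], raw: true });
    }
  }
  return atoms;
}

// An unescaped "-" between two literal atoms is a range operator.
function findRanges(body) {
  const atoms = parseAtoms(body);
  const ranges = [];
  for (let i = 1; i + 1 < atoms.length; i++) {
    const lo = atoms[i - 1], op = atoms[i], hi = atoms[i + 1];
    if (op.raw && op.ch === "-" && lo.ch !== undefined && hi.ch !== undefined) {
      ranges.push([lo.ch, hi.ch]);
      i += 2; // a "-" directly after a completed range is a literal
    }
  }
  return ranges;
}

const kind = (c) =>
  /[0-9]/.test(c) ? "digit" : /[a-z]/.test(c) ? "lower" : /[A-Z]/.test(c) ? "upper" : "other";

// Report ranges that are not digit-digit, lower-lower or upper-upper,
// together with every character the range actually covers.
function overlyPermissiveRanges(body) {
  return findRanges(body)
    .filter(([lo, hi]) => kind(lo) === "other" || kind(lo) !== kind(hi))
    .map(([lo, hi]) => {
      let covered = "";
      for (let cp = lo.charCodeAt(0); cp <= hi.charCodeAt(0); cp++) covered += String.fromCharCode(cp);
      return { range: `${lo}-${hi}`, covered };
    });
}

console.log(overlyPermissiveRanges("a-z0-9 ,-;")); // flags only ",-;"
console.log(overlyPermissiveRanges("a-z0-9 ,;-")); // []
```

The `covered` string for `,-;` includes `.`, `/`, the digits and `:`, so a validation pattern built on that range accepts more input than the three characters it appears to list.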
@cloudflare-workers-and-pages

cloudflare-workers-and-pages bot commented May 22, 2025

Deploying deriv-utils with Cloudflare Pages

Latest commit: cc873ac
Status: ✅  Deploy successful!
Preview URL: https://6c8be45b.deriv-utils.pages.dev
Branch Preview URL: https://habib-code-scaning-issue-fix.deriv-utils.pages.dev

@github-actions

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.


@habib-deriv habib-deriv marked this pull request as ready for review May 22, 2025 09:09
@coveralls
Collaborator

Pull Request Test Coverage Report for Build 15182578449

Details

  • 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 99.829%

Totals
Change from base Build 15182546500: 0.0%
Covered Lines: 583
Relevant Lines: 583

💛 - Coveralls
