orcs-oss/orcs-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: address remaining code scanning alerts (#253)

Browse Source
This commit is contained in:
Vasanth T
2026-04-03 20:16:53 +05:30
committed by GitHub
parent c1e5e363cd
commit 931ee96f5a
10 changed files with 87 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/commands/install-github-app/repoSlug.ts
View File

@@ -1,12 +1,24 @@
export function extractGitHubRepoSlug(value: string): string | null {
const trimmed = value.trim()
if (/^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) && !trimmed.includes('github.com')) {
return null
const slugMatch = trimmed.match(
/^(?<owner>[^/:\s]+)\/(?<repo>[^/\s]+?)(?:\.git)?\/?$/i,
)
if (slugMatch?.groups?.owner && slugMatch.groups.repo) {
return `${slugMatch.groups.owner}/${slugMatch.groups.repo}`.replace(
/\.git$/i,
'',
)
}
if (!trimmed.includes('github.com')) {
return trimmed
const shorthandUrlMatch = trimmed.match(
/^(?:https?:\/\/)?(?:www\.)?github\.com\/(?<owner>[^/:\s]+)\/(?<repo>[^/\s]+?)(?:\.git)?\/?$/i,
)
if (shorthandUrlMatch?.groups?.owner && shorthandUrlMatch.groups.repo) {
return `${shorthandUrlMatch.groups.owner}/${shorthandUrlMatch.groups.repo}`.replace(
/\.git$/i,
'',
)
}
const sshMatch = trimmed.match(
@@ -16,6 +28,10 @@ export function extractGitHubRepoSlug(value: string): string | null {
return `${sshMatch.groups.owner}/${sshMatch.groups.repo}`
}
if (/^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed)) {
return null
}
try {
const parsed = new URL(trimmed)
const hostname = parsed.hostname.toLowerCase()