fix regex in response to security scan concern in CI build

Smartsheet-JB-Brown · Smartsheet-JB-Brown · commit 5eaf8ba876a8 · 2025-04-18T16:48:28.000-07:00
diff --git a/src/shared/MarketplaceValidation.ts b/src/shared/MarketplaceValidation.ts
@@ -27,18 +27,18 @@ export function isValidGitRepositoryUrl(url: string): boolean {
 	// - https://gitlab.com/username/repo
 	// - https://bitbucket.org/username/repo
 	const httpsPattern =
-		/^https?:\/\/[a-zA-Z0-9_.-]+(\.[a-zA-Z0-9_.-]+)*\/[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+(\/.+)*(\.git)?$/
+		/^https?:\/\/(?:[a-zA-Z0-9_-]+\.)*[a-zA-Z0-9_-]+\/[a-zA-Z0-9_-]+\/[a-zA-Z0-9_-]+(?:\/[^/]+)*(?:\.git)?$/
 
 	// SSH pattern
 	// Examples:
 	// - git@github.com:username/repo.git
 	// - git@gitlab.com:username/repo.git
-	const sshPattern = /^git@[a-zA-Z0-9_.-]+(\.[a-zA-Z0-9_.-]+)*:([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)(\.git)?$/
+	const sshPattern = /^git@(?:[a-zA-Z0-9_-]+\.)*[a-zA-Z0-9_-]+:([a-zA-Z0-9_-]+)\/([a-zA-Z0-9_-]+)(?:\.git)?$/
 
 	// Git protocol pattern
 	// Examples:
 	// - git://github.com/username/repo.git
-	const gitProtocolPattern = /^git:\/\/[a-zA-Z0-9_.-]+(\.[a-zA-Z0-9_.-]+)*\/[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+(\.git)?$/
+	const gitProtocolPattern = /^git:\/\/(?:[a-zA-Z0-9_-]+\.)*[a-zA-Z0-9_-]+\/[a-zA-Z0-9_-]+\/[a-zA-Z0-9_-]+(?:\.git)?$/
 
 	return httpsPattern.test(trimmedUrl) || sshPattern.test(trimmedUrl) || gitProtocolPattern.test(trimmedUrl)
 }
