SECURITY: Prevent ReDoS in user agent parsing (#20002)

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2025-02-25 18:55:32 -06:00 · 2023-01-25 18:55:33 +02:00
parent b32db6f2a3
commit 6d92c3cbda
1 changed files with 3 additions and 1 deletions
--- a/lib/mobile_detection.rb
+++ b/lib/mobile_detection.rb
@@ -36,7 +36,9 @@ module MobileDetection
    Firefox\/1[0-9][0-9]
  }x

+  USER_AGENT_MAX_LENGTH = 400
+
  def self.modern_mobile_device?(user_agent)
-    user_agent.match?(MODERN_MOBILE_REGEX)
+    user_agent[0...USER_AGENT_MAX_LENGTH].match?(MODERN_MOBILE_REGEX)
  end
 end