Potential fix for code scanning alert no. 1: Missing regular expression anchor (#15)

Why
===
* Code scanning noted this regex was missing an anchor to protect against sanitation. This is low risk because these plugins are coming from the CLI, but let's fix it anyway.

What changed
===
* Add start and end of line anchors

Test plan
===
* CI passes

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
ryantm and github-advanced-security[bot] authored Feb 20, 2025
1 parent d23c21d commit 9d7e808
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cmd/eiam/plugins.go
Expand Up @@ -91,7 +91,7 @@ func newCmdPluginsInstall() *cobra.Command {
with. See 'eiam plugins auth --help' for more details.
`),
Args: func(cmd *cobra.Command, args []string) error {
urlRegex := regexp.MustCompile(`github\.com/(?P<user>[[:alnum:]\-]+)/(?P<repo>[[:alnum:]\.\-_]+)`)
urlRegex := regexp.MustCompile(`^github\.com/(?P<user>[[:alnum:]\-]+)/(?P<repo>[[:alnum:]\.\-_]+)$`)
match := urlRegex.FindStringSubmatch(url)
if match == nil {
err := fmt.Errorf("%s is not a valid Github repo URL", url)
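Review bot: The anchored pattern on the `urlRegex` line narrows what `Args` accepts, but the error text below it still only says "not a valid Github repo URL" and the test plan is just "CI passes". Inputs the old unanchored pattern let through, such as `https://github.com/user/repo` or `github.com/user/repo/`, will now fail with no hint of the expected form. Consider naming the accepted shape (`github.com/<user>/<repo>`) in the error message and adding a table test with accept and reject cases for the anchored pattern. Separately, the repo class `[[:alnum:]\.\-_]+` still matches `.` and `..` even with the anchors; how `repo` is used afterwards is not visible in this hunk, but if it ends up in a filesystem path or a download URL, those two values should be rejected explicitly here.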