Tell ESLint that a couple of complex regexes are okay

dscho · dscho · commit cc78f8c261a5 · 2025-08-15T17:03:17.000Z
These regular expressions only parse data that is produced by
GitGitGadget itself, not by any would-be attacker. Or at least they come
in via the mailing list archive, where emails with insanely long headers
would be dropped before they could enter.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
diff --git a/lib/git-notes.ts b/lib/git-notes.ts
@@ -219,6 +219,7 @@ export class GitNotes {
                 continue;
             }
 
+            // eslint-disable-next-line security/detect-unsafe-regex
             const removeAdd = split[i + 6].match(/^(?:-(.*)\n)?\+(.*)$/);
             if (!removeAdd) throw new Error(`Not a single modified line?\n${split[i + 6]}`);
 
diff --git a/lib/mail-archive-helper.ts b/lib/mail-archive-helper.ts
@@ -240,6 +240,7 @@ export class MailArchiveGitHelper {
         let counter = 0;
         const lineHandler = async (line: string): Promise<void> => {
             if (line.startsWith("@@ ")) {
+                // eslint-disable-next-line security/detect-unsafe-regex
                 const match = line.match(/^@@ -(\d+,)?\d+ \+(\d+,)?(\d+)?/);
                 if (match) {
                     if (counter) {
diff --git a/lib/patch-series.ts b/lib/patch-series.ts
@@ -1,3 +1,4 @@
+/* eslint-disable security/detect-unsafe-regex */
 import addressparser from "nodemailer/lib/addressparser/index.js";
 import mimeFuncs from "nodemailer/lib/mime-funcs/index.js";
 import { commitExists, git, gitConfig, gitShortHash, revListCount, revParse } from "./git.js";
diff --git a/lib/send-mail.ts b/lib/send-mail.ts
@@ -125,6 +125,7 @@ export function parseMBoxMessageIDAndReferences(parsed: IParsedMBox): { messageI
      * using regular expressions due to its recursive nature) but seems to be
      * good enough for the Git mailing list.
      */
+    // eslint-disable-next-line security/detect-unsafe-regex
     const msgIdRegex = /^\s*<([^>]+)>(\s*|,)(\([^")]*("[^"]*")?\)\s*|\([^)]*\)$)?(<.*)?$/;
     for (const header of parsed.headers ?? []) {
         if (header.key.match(/In-Reply-To|References/i)) {
diff --git a/lib/sous-chef.ts b/lib/sous-chef.ts
@@ -18,6 +18,7 @@ export class SousChef {
 
             const branches = sections[i + 1].split(/\n\* ([a-z][^]+?)\n\n/m);
             for (let j = 1; j < branches.length; j += 2) {
+                // eslint-disable-next-line security/detect-unsafe-regex
                 const match = branches[j].match(/([^ ]+).*\n *(\(merged to [^)]+\))?/m);
                 if (!match) {
                     continue;

Original file line number	Diff line number	Diff line change
`@@ -219,6 +219,7 @@ export class GitNotes {`
`219`	`219`	`continue;`
`220`	`220`	`}`
`221`	`221`
	`222`	`+ // eslint-disable-next-line security/detect-unsafe-regex`
`222`	`223`	`const removeAdd = split[i + 6].match(/^(?:-(.)\n)?\+(.)$/);`
`223`	`224`	if (!removeAdd) throw new Error(`Not a single modified line?\n${split[i + 6]}`);
`224`	`225`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+/* eslint-disable security/detect-unsafe-regex */`
`1`	`2`	`import addressparser from "nodemailer/lib/addressparser/index.js";`
`2`	`3`	`import mimeFuncs from "nodemailer/lib/mime-funcs/index.js";`
`3`	`4`	`import { commitExists, git, gitConfig, gitShortHash, revListCount, revParse } from "./git.js";`