Replaced ruby regexp with UntrustedRegexp which uses RE2
This MR replaces the usage of Ruby's built-in regexp with RE2, which helps prevent potential abuse. For now, this MR introduces just enough of GitLab's UntrustedRegexp to replace the current usage of gsub. However, in the future it would be best to allow UntrustedRegexp to be its own gem so that this gem, GitLab's monorepo, and any other gems we may need to build outside the monorepo can share this module.
This is related to https://gitlab.com/gitlab-org/gitlab/-/issues/455013 which has been approved to be a security-fix-in-public https://gitlab.com/gitlab-org/gitlab/-/issues/455013#note_1944450170
Edited by Sam Word