Discovered 9 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/milestone.rb:62

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}
      (?:
        (?<milestone_iid>
          \d+(?!\S\w)\b # Integer-based milestone iid, or
        ) |
        (?<milestone_name>
          [^"\s]+\b |  # String-based single-word milestone title, or
          "[^"]+"      # String-based multi-word milestone surrounded in quotes
        )
      )
    /x

Category description: Denial of Service is any attack which causes a service to become unavailable for legitimate clients.

Solution: fix the issue in app/models/milestone.rb or mark it as false positive.