Skip to content

Fix scheme-less URL prefilter gaps, CVE year grammar, and registry double-space check#406

Open
fhightower wants to merge 2 commits into
mainfrom
fix-scheme-less-url-prefilter
Open

Fix scheme-less URL prefilter gaps, CVE year grammar, and registry double-space check#406
fhightower wants to merge 2 commits into
mainfrom
fix-scheme-less-url-prefilter

Conversation

@fhightower

Copy link
Copy Markdown
Owner

Changes

  • _URL_MARKER_RE now recognizes .tld:port/ and IPv4-host (1.2.3.4[:port]/) markers, so scheme-less URLs like example.com:8080/admin and 1.2.3.4/gate.php — which the scheme_less_url grammar already accepted — are no longer silently dropped by the candidate prefilter
  • Replace the CVE year grammar Word("12") + Word(nums, exact=3) (greedy, non-backtracking — failed on years whose digits are all 1s and 2s, e.g. CVE-2121-12345) with Regex(r"[12]\d{3}")
  • Fix hasMultipleConsecutiveSpaces to use re.search instead of start-anchored re.match, so registry-key sections with an internal double space no longer absorb surrounding prose into the parsed path
  • Add tests: scheme-less URL with port / IPv4 host / both, CIDR-not-URL regression with the new IPv4 marker, all-1s/2s CVE years, registry internal-double-space rejection

fhightower and others added 2 commits July 15, 2026 09:28
_URL_MARKER_RE only recognized '://' and '.tld/' markers, so scheme-less
URLs the grammar accepts — 'example.com:8080/admin' (port breaks the
'.tld/' shape) and '1.2.3.4/gate.php' (digit after the dot) — never
produced a candidate span and were silently dropped. Add ':port' to the
tld marker and an IPv4-host marker; the grammars remain the validators,
and the existing CIDR-removal pass keeps '1.1.1.1/0' out of urls.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…paces

- The CVE year grammar 'Word("12") + Word(nums, exact=3)' was greedy and
  non-backtracking, so years whose digits are all 1s and 2s (e.g.
  CVE-2121-12345) consumed every digit in the first Word and failed.
  Replace with Regex('[12]\\d{3}'), matching the candidate regex.
- hasMultipleConsecutiveSpaces used start-anchored re.match, so a
  registry-key section with an *internal* double space passed the check
  and surrounding prose was absorbed into the parsed path. Use re.search.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant