From 8b153f93d2736223b0b6acd49f6fb10ff26ed68b Mon Sep 17 00:00:00 2001 From: Simone Carletti Date: Mon, 5 Aug 2024 12:04:00 +0200 Subject: [PATCH] Fixed badly anchored regular expression Fixes https://github.com/weppos/whois/issues/661 --- CHANGELOG.md | 4 ++++ lib/whois/server/adapters/arpa.rb | 2 +- spec/whois/server/adapters/arpa_spec.rb | 13 +++++++++++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 509b604e9..5a4fdca9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ This project uses [Semantic Versioning 2.0.0](http://semver.org/). ## major +### Fixed + +- Fixed badly anchored regular expression (GH-661) + ### Changed - Minimum Ruby version 3.0 diff --git a/lib/whois/server/adapters/arpa.rb b/lib/whois/server/adapters/arpa.rb index 1e4936452..e2d2bf729 100644 --- a/lib/whois/server/adapters/arpa.rb +++ b/lib/whois/server/adapters/arpa.rb @@ -30,7 +30,7 @@ def request(string) # "192.in-addr.arpa" => "192.0.0.0" # "in-addr.arpa" => "0.0.0.0" def inaddr_to_ip(string) - raise ServerError, "Invalid .in-addr.arpa address" unless string.match?(/^([0-9]{1,3}\.?){0,4}in-addr\.arpa$/) + raise ServerError, "Invalid .in-addr.arpa address" unless string.match?(/\A([0-9]{1,3}\.?){0,4}in-addr\.arpa\z/) a, b, c, d = string.scan(/[0-9]{1,3}\./).reverse [a, b, c, d].map do |token| diff --git a/spec/whois/server/adapters/arpa_spec.rb b/spec/whois/server/adapters/arpa_spec.rb index 8b9e1afc8..ec751ee70 100644 --- a/spec/whois/server/adapters/arpa_spec.rb +++ b/spec/whois/server/adapters/arpa_spec.rb 
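Review bot: In `inaddr_to_ip` (lib/whois/server/adapters/arpa.rb) the re-anchored pattern still accepts more than the parser below it reads: `\.?` makes the label separator optional, so a digit run without dots passes validation, while `string.scan(/[0-9]{1,3}\./)` only picks up dot-terminated labels and silently ignores the rest. Making the dot mandatory keeps validation and parsing in agreement, assuming no caller relies on the dotless form: `unless string.match?(/\A(?:[0-9]{1,3}\.){0,4}in-addr\.arpa\z/)`. Labels above 255 are also accepted as before; whether that matters depends on how the resulting address is used, which is not visible here. A short comment such as `# \A and \z anchor the whole string; in Ruby ^ and $ match at every line break` would help keep the anchors from being reverted. The method body continues past the end of the hunk.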
@@ -8,13 +8,22 @@ describe "#lookup" do it "returns the WHOIS record" do - response = "Whois Response" server = described_class.new(*definition) - expect(Whois::Server::Adapters::Arin.query_handler).to receive(:call).with("n + 229.128.in-addr.arpa", "whois.arin.net", 43).and_return(response) + expect(Whois::Server::Adapters::Arin.query_handler).to receive(:call) + .with("n + 229.128.in-addr.arpa", "whois.arin.net", 43) + .and_return(response = "Whois Response") record = server.lookup("229.128.in-addr.arpa") expect(record.to_s).to eq(response) expect(record.parts).to eq([Whois::Record::Part.new(body: response, host: "whois.arin.net")]) end + + it "discards newlines" do + server = described_class.new(*definition) + + expect do + server.lookup("229.128.in-addr.arpa\nextra") + end.to raise_error(Whois::ServerError, "Invalid .in-addr.arpa address") + end end end
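Review bot: The new example covers only the trailing side of the fix: `"229.128.in-addr.arpa\nextra"` exercises `\z`, but nothing in this hunk fails if `\A` is later changed back to `^`. A mirrored example with the extra line first, e.g. `server.lookup("extra\n229.128.in-addr.arpa")` (constructed input) with the same `raise_error` expectation, would pin both anchors. The title `"discards newlines"` also reads as if the newline were stripped, whereas the example asserts a `Whois::ServerError`; `it "rejects queries containing a newline"` would match the assertion. Separately, `.and_return(response = "Whois Response")` hides an assignment inside an argument list, and keeping `response = "Whois Response"` on its own line is easier to follow. The outer `describe` block opens above the hunk.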