From acd74603685c351b5135742c875963727ed51576 Mon Sep 17 00:00:00 2001
From: Kenichi Kamiya
Date: Sat, 26 Sep 2015 01:41:41 +0900
Subject: [PATCH] Fix a regex in Bcrypt::Password.valid_hash? and Bcrypt::Engine.valid_salt?
---
 lib/bcrypt/engine.rb | 2 +-
 lib/bcrypt/password.rb | 2 +-
 spec/bcrypt/password_spec.rb | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/bcrypt/engine.rb b/lib/bcrypt/engine.rb
index 2204843..ca57da0 100644
--- a/lib/bcrypt/engine.rb
+++ b/lib/bcrypt/engine.rb
@@ -80,7 +80,7 @@ def self.generate_salt(cost = self.cost)
 # Returns true if +salt+ is a valid bcrypt() salt, false if not.
 def self.valid_salt?(salt)
- !!(salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/)
+ !!(salt =~ /\A\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}\z/)
 end
 # Returns true if +secret+ is a valid bcrypt() secret, false if not.
diff --git a/lib/bcrypt/password.rb b/lib/bcrypt/password.rb
index 554967c..94bccb2 100644
--- a/lib/bcrypt/password.rb
+++ b/lib/bcrypt/password.rb
@@ -47,7 +47,7 @@ def create(secret, options = {})
 end
 def valid_hash?(h)
- /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/ === h
+ /\A\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}\z/ === h
 end
 end
diff --git a/spec/bcrypt/password_spec.rb b/spec/bcrypt/password_spec.rb
index f880f1c..a818a7b 100644
--- a/spec/bcrypt/password_spec.rb
+++ b/spec/bcrypt/password_spec.rb
@@ -108,6 +108,7 @@
 describe "Validating a generated salt" do
 specify "should not accept an invalid salt" do
 expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
+ expect(BCrypt::Engine.valid_salt?("invalid\n#{BCrypt::Engine.generate_salt}\ninvalid")).to eq(false)
 end
 specify "should accept a valid salt" do
 expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
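Review bot: The `\A`/`\z` anchors close the multi-line hole, but the quantifiers on the same line in `valid_salt?` stay open-ended: `[0-9a-z]{2,}` and `[0-9]{2,}` accept a version or cost field of any length and `{22,}` accepts any number of trailing salt characters, which is far looser than the fixed `{2}`/`{2}`/`{53}` that `valid_hash?` uses in the password.rb hunk. If the long tail is intentional (so a full hash string can be handed in as the salt), a comment saying so would stop the next reader from "tightening" it; if it is not, at least the cost field should be `[0-9]{2}` so an over-long cost string is rejected here rather than by whatever consumes the salt later. I would also make the doc comment state the whole-string requirement the new anchors enforce: `# Returns true if +salt+ is a valid bcrypt() salt (the whole string must match), false if not.`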
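Review bot: The anchor choice in `valid_hash?` is the security-relevant part of this line and nothing records why, so it is one well-meant "cleanup" away from regressing; a comment above the regex such as `# \A/\z anchor the whole string; ^/$ are per-line in Ruby and \Z tolerates a trailing newline` would carry that. The method also relies on `Regexp#===` returning false for a non-String argument rather than raising, which is fine but non-obvious and worth a word in the same comment. The enclosing class begins outside the hunk.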
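Review bot: The added assertion covers an embedded newline but not a trailing one, which is the case that separates `\z` from `$` and `\Z`: `"#{salt}\n"` matched the old `$` anchor and would still match if someone later swapped `\z` for `\Z`. Adding `expect(BCrypt::Engine.valid_salt?("#{BCrypt::Engine.generate_salt}\n")).to eq(false)` beside the new line pins the anchor choice so that regression fails the suite.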
@@ -117,6 +118,7 @@
 describe "Validating a password hash" do
 specify "should not accept an invalid password" do
 expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
+ expect(BCrypt::Password.valid_hash?("invalid\n#{BCrypt::Password.create "i_am_so_valid"}\ninvalid")).to be(false)
 end
 specify "should accept a valid password" do
 expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
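Review bot: The new hash assertion has the same blind spot as the salt one: a hash followed only by a trailing newline is never tested, and that is exactly the input `\Z` or `$` would accept while `\z` rejects. I would add `expect(BCrypt::Password.valid_hash?("#{BCrypt::Password.create "i_am_so_valid"}\n")).to be(false)` next to the new line. As a style point, this spec uses `be(false)` while the salt spec directly above uses `eq(false)`; the two parallel blocks read better with one matcher.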