Match more strictly with \A and \z

Author: eregon

generate-windows-versions.rb

@@ -8,20 +8,20 @@
 # - Each path component must begin with [\w], or a more restrictive character set.
 # - Percent (`%`) shall not be allowed to avoid any percent encoding.
 WINDOWS_VERSIONS_URLS_REGEXPS = [
-  %r{^https://github\.com/oneclick/rubyinstaller2?/releases/download/\w[\w.-]*/\w[\w.-]*$},
-  %r{^https://github\.com/MSP-Greg/ruby-loco/releases/download/\w[\w.-]*/\w[\w.-]*$}
+  %r{\Ahttps://github\.com/oneclick/rubyinstaller2?/releases/download/\w[\w.-]*/\w[\w.-]*\z},
+  %r{\Ahttps://github\.com/MSP-Greg/ruby-loco/releases/download/\w[\w.-]*/\w[\w.-]*\z}
 ].freeze
 
 WINDOWS_TOOLCHAIN_VERSIONS_URLS_REGEXPS = [
-  %r{^https://github\.com/oneclick/rubyinstaller/releases/download/devkit-4\.7\.2/DevKit-mingw64-64-4\.7\.2-20130224-1432-sfx\.exe$},
-  %r{^https://github\.com/ruby/setup-msys2-gcc/releases/download/\w[\w.-]*/\w[\w@.-]*$},
-  %r{^https://github\.com/ruby/setup-msys2-gcc/releases/latest/download/\w[\w@.-]*$}
+  %r{\Ahttps://github\.com/oneclick/rubyinstaller/releases/download/devkit-4\.7\.2/DevKit-mingw64-64-4\.7\.2-20130224-1432-sfx\.exe\z},
+  %r{\Ahttps://github\.com/ruby/setup-msys2-gcc/releases/download/\w[\w.-]*/\w[\w@.-]*\z},
+  %r{\Ahttps://github\.com/ruby/setup-msys2-gcc/releases/latest/download/\w[\w@.-]*\z}
 ].freeze
 
 # Validate all the URLs in the versions json
 def validate(versions, allowed_urls_regexps)
   versions.values.flat_map(&:values).each do |url|
-    if allowed_urls_regexps.none? { |regexp| regexp =~ url }
+    if allowed_urls_regexps.none? { |regexp| regexp.match? url }
       raise SecurityError, "Unexpected URL: #{url}"
     end
   end