From a48c2892b0ef7bc7d9c61315f4c154ccfd920df4 Mon Sep 17 00:00:00 2001
From: Valentin Delaye
Date: Sat, 22 Nov 2025 16:26:19 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 38: Overly permissive regular expression range

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/main/java/land/oras/ArtifactType.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/land/oras/ArtifactType.java b/src/main/java/land/oras/ArtifactType.java
index bd0aa2ea..f3ec7904 100644
--- a/src/main/java/land/oras/ArtifactType.java
+++ b/src/main/java/land/oras/ArtifactType.java
@@ -57,7 +57,7 @@ public static ArtifactType from(@Nullable String artifactType) {
 return unknown();
 }
 // Must match https://datatracker.ietf.org/doc/html/rfc6838
- if (!artifactType.matches("^[a-zA-Z0-9!#$&-^_]+/[a-zA-Z0-9!#$&-^_]+$")) {
+ if (!artifactType.matches("^[a-zA-Z0-9!#$%&'*+.^_`{|}~-]+/[a-zA-Z0-9!#$%&'*+.^_`{|}~-]+$")) {
 throw new OrasException("Invalid artifact type: %s".formatted(artifactType));
 }
 return new ArtifactType(artifactType);
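Review bot: The character class on the added `matches(...)` line accepts `%`, `'`, `*`, backtick, `{`, `|`, `}` and `~`, none of which are in RFC 6838's `restricted-name-chars` (section 4.2 allows only ALPHA, DIGIT and `!`, `#`, `$`, `&`, `-`, `^`, `_`, `.`, `+`), so the allow-list is wider than the `// Must match` comment above it promises. The old `&-^` range only happened to cover `.` and `+`, so those two do need listing explicitly, but the rest looks like the RFC 2045 token set rather than the one cited. A pattern that follows the cited grammar would be `"^[a-zA-Z0-9][a-zA-Z0-9!#$&^_.+-]{0,126}/[a-zA-Z0-9][a-zA-Z0-9!#$&^_.+-]{0,126}$"`, which also enforces the alphanumeric first character and the 127-character limit. That stricter form may reject values the current code accepts, so it needs checking against the artifact types the project already handles, ideally with a test that pins both accepted and rejected characters. The body of `from` starts and ends outside this hunk, so how the validated string is used afterwards is not visible here.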