Don't allow more than 10 repetitions in one pattern

shortcutme 2017-07-15 01:30:53 +02:00
parent 0e930efd95
commit ac1a03d17b
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE


@ -14,6 +14,11 @@ def isSafePattern(pattern):
unsafe_pattern_match = re.search("[^\.][\*\{\+]", pattern) # Always should be "." before "*{+" characters to avoid ReDoS unsafe_pattern_match = re.search("[^\.][\*\{\+]", pattern) # Always should be "." before "*{+" characters to avoid ReDoS
if unsafe_pattern_match: if unsafe_pattern_match:
raise UnsafePatternError("Potentially unsafe part of the pattern: %s" % unsafe_pattern_match.group(0)) raise UnsafePatternError("Potentially unsafe part of the pattern: %s" % unsafe_pattern_match.group(0))
repetitions = re.findall("\.[\*\{\+]", pattern)
if len(repetitions) >= 10:
raise UnsafePatternError("More than 10 repetitions of %s" % repetitions[0])
return True return True
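Review bot: The new guard `if len(repetitions) >= 10:` rejects a pattern with exactly 10 repetitions, while both the error text ("More than 10 repetitions") and the commit title describe a limit of more than 10. Either change the condition to `if len(repetitions) > 10:` or reword the message to "10 or more repetitions", so the documented limit and the enforced one agree. Separately, `re.findall("\.[\*\{\+]", pattern)` counts each `.{` once regardless of the bound written inside the braces, so this check limits how many quantifiers appear but not how large a single `{m,n}` may be. If that is intended, a short comment such as `# Limits the number of quantifiers, not the size of a {m,n} bound` would make it explicit. The body of isSafePattern starts above the hunk, so any earlier validation is not visible here.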