Don't allow more than 10 repetitions in one pattern

2017-07-15 01:30:53 +02:00 · 2017-07-15 01:30:53 +02:00 · ac1a03d17b
commit ac1a03d17b
parent 0e930efd95
1 changed files with 5 additions and 0 deletions
--- a/src/util/SafeRe.py
+++ b/src/util/SafeRe.py
@ -14,6 +14,11 @@ def isSafePattern(pattern):
    unsafe_pattern_match = re.search("[^\.][\*\{\+]", pattern)  # Always should be "." before "*{+" characters to avoid ReDoS
    if unsafe_pattern_match:
        raise UnsafePatternError("Potentially unsafe part of the pattern: %s" % unsafe_pattern_match.group(0))
+
+    repetitions = re.findall("\.[\*\{\+]", pattern)
+    if len(repetitions) >= 10:
+        raise UnsafePatternError("More than 10 repetitions of %s" % repetitions[0])
+
    return True