From 30db5a4652dd65f7de47871dd41161d45de11c34 Mon Sep 17 00:00:00 2001
From: Vadim Ushakov
Date: Wed, 20 Oct 2021 19:01:55 +0700
Subject: [PATCH 1/2] Fix https://github.com/HelloZeroNet/ZeroNet/issues/2757
---
 src/util/SafeRe.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/util/SafeRe.py b/src/util/SafeRe.py
index 6018e2d3..20827f38 100644
--- a/src/util/SafeRe.py
+++ b/src/util/SafeRe.py
@@ -15,9 +15,10 @@ def isSafePattern(pattern):
 if unsafe_pattern_match:
 raise UnsafePatternError("Potentially unsafe part of the pattern: %s in %s" % (unsafe_pattern_match.group(0), pattern))
- repetitions = re.findall(r"\.[\*\{\+]", pattern)
- if len(repetitions) >= 10:
- raise UnsafePatternError("More than 10 repetitions of %s in %s" % (repetitions[0], pattern))
+ repetitions1 = re.findall(r"\.[\*\{\+]", pattern)
+ repetitions2 = re.findall(r"[^(][?]", pattern)
+ if len(repetitions1) + len(repetitions2) >= 10:
+ raise UnsafePatternError("More than 10 repetitions in %s" % pattern)
 return True
From 5fadd5f9bda78e307e82e52e4f889c2ff755e950 Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Mon, 31 Jul 2023 08:28:29 +0000
Subject: [PATCH 2/2] Improve SafeRe code readability function isSafePattern was never used as boolean function, its only useful behaviour being raising exception on bad regexp, so it's renamed and reused accordingly
---
 plugins/Sidebar/ConsolePlugin.py | 5 ++---
 src/util/SafeRe.py | 12 ++++++------
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/plugins/Sidebar/ConsolePlugin.py b/plugins/Sidebar/ConsolePlugin.py
index 15f6a1ba..12d49fbf 100644
--- a/plugins/Sidebar/ConsolePlugin.py
+++ b/plugins/Sidebar/ConsolePlugin.py
@@ -14,8 +14,7 @@ class WsLogStreamer(logging.StreamHandler):
 self.ui_websocket = ui_websocket
 if filter:
- if not SafeRe.isSafePattern(filter):
- raise Exception("Not a safe prex pattern")
+ SafeRe.guard(filter):
 self.filter_re = re.compile(".*" + filter)
 else:
 self.filter_re = None
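Review bot: In `isSafePattern` (PATCH 1/2, src/util/SafeRe.py), `re.findall(r"[^(][?]", pattern)` skips every `?` that follows a `(`, so an optional escaped parenthesis (`\(?`) is never counted toward the limit. An escaped literal `\?` is counted even though it is not a quantifier. Neutralising escape pairs before counting would address both: `unescaped = re.sub(r"\\.", "_", pattern)` followed by `repetitions2 = re.findall(r"[^(][?]", unescaped)`. The message says "More than 10 repetitions" while the test is `>= 10`, so exactly 10 is rejected; "10 or more" would match the code. The function starts above the hunk, so whether the earlier `unsafe_pattern_match` check already covers any of this is not visible here.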
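Review bot: The added line `SafeRe.guard(filter):` in `WsLogStreamer` (PATCH 2/2, first plugins/Sidebar/ConsolePlugin.py hunk) ends with a colon, which is a syntax error, so the module will not import and the filter check never runs. It should read `SafeRe.guard(filter)`. Code that caught the old generic `Exception` will still catch the new error, since the SafeRe.py hunk header shows `UnsafePatternError(Exception)`. The enclosing method starts above the hunk.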
@@ -55,7 +54,7 @@ class UiWebsocketPlugin(object):
 pos_start = log_file.tell()
 lines = []
 if filter:
- assert SafeRe.isSafePattern(filter)
+ SafeRe.guard(filter)
 filter_re = re.compile(".*" + filter)
 last_match = False
diff --git a/src/util/SafeRe.py b/src/util/SafeRe.py
index 20827f38..30aa1f29 100644
--- a/src/util/SafeRe.py
+++ b/src/util/SafeRe.py
@@ -7,7 +7,8 @@ class UnsafePatternError(Exception):
 cached_patterns = {}
-def isSafePattern(pattern):
+def guard(pattern):
+ '''Checks if pattern is safe and raises exception if it isn't'''
 if len(pattern) > 255:
 raise UnsafePatternError("Pattern too long: %s characters in %s" % (len(pattern), pattern))
@@ -20,14 +21,13 @@ def isSafePattern(pattern):
 if len(repetitions1) + len(repetitions2) >= 10:
 raise UnsafePatternError("More than 10 repetitions in %s" % pattern)
- return True
-
 def match(pattern, *args, **kwargs):
+ '''Guard for safety, compile, cache and match regexp'''
 cached_pattern = cached_patterns.get(pattern)
 if cached_pattern:
 return cached_pattern.match(*args, **kwargs)
 else:
- if isSafePattern(pattern):
- cached_patterns[pattern] = re.compile(pattern)
- return cached_patterns[pattern].match(*args, **kwargs)
+ guard(pattern)
+ cached_patterns[pattern] = re.compile(pattern)
+ return cached_patterns[pattern].match(*args, **kwargs)
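Review bot: `SafeRe.guard(filter)` in `UiWebsocketPlugin` (second plugins/Sidebar/ConsolePlugin.py hunk) validates `filter`, but the next line compiles `".*" + filter`, which has one more `.*` and two more characters than the string that was checked. Guarding the string that is actually compiled keeps the length and repetition limits meaningful: `pattern = ".*" + filter`, `SafeRe.guard(pattern)`, `filter_re = re.compile(pattern)`. The `WsLogStreamer` hunk in the same file has the same gap. The method continues outside the hunk.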
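Review bot: Renaming `isSafePattern` to `guard` (first src/util/SafeRe.py hunk of PATCH 2/2) leaves no alias behind, and the diffstat touches only ConsolePlugin.py. Any other caller of `SafeRe.isSafePattern` would then fail with AttributeError, so a repository-wide search is worth doing before merging. The new docstring could also name what is raised, for example `'''Raise UnsafePatternError if pattern is too long, has an unsafe part or too many repetitions'''`.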
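Review bot: `match` (second src/util/SafeRe.py hunk) stores every pattern that passes `guard` in the module-level `cached_patterns` dict, and nothing visible here evicts an entry. If patterns can come from untrusted content, the cache grows for the life of the process. A cap before the insert would bound it, for example `if len(cached_patterns) >= MAX_CACHED_PATTERNS: cached_patterns.clear()`, where `MAX_CACHED_PATTERNS` is a placeholder name for a new module constant. Since the `if` branch returns, the `else:` is no longer needed and the three added lines could be dedented. `re.compile` can still raise `re.error` for a pattern that passes `guard`; whether callers handle that is not visible in this hunk.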