Log problematic pattern

shortcutme 2017-07-27 16:29:12 +02:00
parent db8fe8d890
commit f45ecb6cf4
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE


@ -9,15 +9,15 @@ cached_patterns = {}
def isSafePattern(pattern): def isSafePattern(pattern):
if len(pattern) > 255: if len(pattern) > 255:
raise UnsafePatternError("Pattern too long: %s characters" % len(pattern)) raise UnsafePatternError("Pattern too long: %s characters in %s" % (len(pattern), pattern))
unsafe_pattern_match = re.search("[^\.][\*\{\+]", pattern) # Always should be "." before "*{+" characters to avoid ReDoS unsafe_pattern_match = re.search("[^\.][\*\{\+]", pattern) # Always should be "." before "*{+" characters to avoid ReDoS
if unsafe_pattern_match: if unsafe_pattern_match:
raise UnsafePatternError("Potentially unsafe part of the pattern: %s" % unsafe_pattern_match.group(0)) raise UnsafePatternError("Potentially unsafe part of the pattern: %s in %s" % (unsafe_pattern_match.group(0), pattern))
repetitions = re.findall("\.[\*\{\+]", pattern) repetitions = re.findall("\.[\*\{\+]", pattern)
if len(repetitions) >= 10: if len(repetitions) >= 10:
raise UnsafePatternError("More than 10 repetitions of %s" % repetitions[0]) raise UnsafePatternError("More than 10 repetitions of %s in %s" % (repetitions[0], pattern))
return True return True
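Review bot: The new message on the length-check branch interpolates the whole `pattern` right after it has been found to exceed 255 characters, so the exception text, and any log it ends up in, has no size bound and carries the raw string including newlines or control characters. Since this function vets patterns that presumably come from an untrusted source, bound and escape the value, e.g. `raise UnsafePatternError("Pattern too long: %s characters in %r" % (len(pattern), pattern[:255]))`. The other two raises are already capped at 255 characters by the first check, but `%r` instead of `%s` for `pattern` there would likewise keep a crafted pattern from forging extra log lines. Separately, and unchanged by this commit, `len(repetitions) >= 10` fires at exactly ten repetitions while the message says "More than 10".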