diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2022-01-22 14:48:01 -0500 |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2022-01-22 14:52:53 -0500 |
| commit | 567eb96cdee585e5afc08595f73247a95b255d90 (patch) | |
| tree | a1a78ded6f26b556fbe1c3a78c45c22e0ba6ecac | |
| parent | 8f720d014037afd54cd514ab4b7db3b0f9704954 (diff) | |
| download | cpython-git-bpo-46474/entrypoint-regex-fix.tar.gz | |
bpo-46474: Fix for REDoS in EntryPoint.pattern (importlib_metadata 4.10.1).bpo-46474/entrypoint-regex-fix
| -rw-r--r-- | Lib/importlib/metadata/__init__.py | 4 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py index 5ef6d9dc48..371c482209 100644 --- a/Lib/importlib/metadata/__init__.py +++ b/Lib/importlib/metadata/__init__.py @@ -156,8 +156,8 @@ class EntryPoint(DeprecatedTuple): pattern = re.compile( r'(?P<module>[\w.]+)\s*' - r'(:\s*(?P<attr>[\w.]+))?\s*' - r'(?P<extras>\[.*\])?\s*$' + r'(:\s*(?P<attr>[\w.]+)\s*)?' + r'((?P<extras>\[.*\])\s*)?$' ) """ A regular expression describing the syntax for an entry point, diff --git a/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst b/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst new file mode 100644 index 0000000000..156b7de4f6 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst @@ -0,0 +1,2 @@ +In ``importlib.metadata.EntryPoint.pattern``, avoid potential REDoS by +limiting ambiguity in consecutive whitespace. |