author | Mike Bayer <mike_mp@zzzcomputing.com> | 2022-09-22 14:52:59 -0400 |
committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2022-09-22 14:58:02 -0400 |
commit | 0babe1c6acd5b6e19ba9906251763c28b17f3b39 (patch) | |
tree | c3043f2bc9f41fc8bbe64cb3a500a1f0e29ee741 | |
parent | c2f392e0be52dc67d1b9770ab8cce6a9c736d547 (diff) | |
download | mako-0babe1c6acd5b6e19ba9906251763c28b17f3b39.tar.gz |
replace "dot" with "set not containing whitespace"
Fixed issue in lexer in the same category as that of :ticket:`366` where
the regexp used to match an end tag didn't correctly organize for matching
characters surrounded by whitespace, leading to high memory / interpreter
hang if a closing tag incorrectly had a large amount of unterminated space
in it. Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is **never** appropriate to create
templates that contain untrusted input.
Fixes: #367
Change-Id: I2f3a8665e92c1b6efcf36b1dba6e58fe0975b7da
-rw-r--r-- | doc/build/changelog.rst | 7 | ||||
-rw-r--r-- | doc/build/unreleased/367.rst | 13 | ||||
-rw-r--r-- | mako/lexer.py | 2 | ||||
-rw-r--r-- | test/test_lexer.py | 8 |
4 files changed, 27 insertions, 3 deletions
diff --git a/doc/build/changelog.rst b/doc/build/changelog.rst
index b3f06fd..5ca49de 100644
--- a/doc/build/changelog.rst
+++ b/doc/build/changelog.rst
@@ -22,7 +22,12 @@ Changelog
 correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large
- number of quotes within its quoted sections.
+ number of quotes within its quoted sections. Credit to Sebastian
+ Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
 .. changelog::
 :version: 1.2.1
diff --git a/doc/build/unreleased/367.rst b/doc/build/unreleased/367.rst
new file mode 100644
index 0000000..6798e6e
--- /dev/null
+++ b/doc/build/unreleased/367.rst
@@ -0,0 +1,13 @@
+.. change::
+ :tags: bug, lexer
+ :tickets: 367
+
+ Fixed issue in lexer in the same category as that of :ticket:`366` where
+ the regexp used to match an end tag didn't correctly organize for matching
+ characters surrounded by whitespace, leading to high memory / interpreter
+ hang if a closing tag incorrectly had a large amount of unterminated space
+ in it. Credit to Sebastian Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
diff --git a/mako/lexer.py b/mako/lexer.py
index 77a2483..75182f8 100644
--- a/mako/lexer.py
+++ b/mako/lexer.py
@@ -322,7 +322,7 @@ class Lexer:
 return True
 
 def match_tag_end(self):
- match = self.match(r"\</%[\t ]*(.+?)[\t ]*>")
+ match = self.match(r"\</%[\t ]*([^\t ]+?)[\t ]*>")
 if match:
 if not len(self.tag):
 raise exceptions.SyntaxException(
diff --git a/test/test_lexer.py b/test/test_lexer.py
index a7b6fe3..f4983a3 100644
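Review bot: The narrowed class `[^\t ]` on the `match =` line removes the overlap with the adjacent `[\t ]*` runs, which is what stops the backtracking blow-up, but it also now admits `\n`, `\r` and other non-tab/space whitespace inside the captured name, which the old `.+?` did not unless self.match applies `re.S` (not visible here); `\S+?` expresses the commit's "set not containing whitespace" exactly and is still disjoint from `[\t ]`: `match = self.match(r"\</%[\t ]*(\S+?)[\t ]*>")`. Nothing in the regexp itself records why the name class must exclude the neighbouring whitespace, so a comment above the line would guard against the class being widened again, e.g. `# the name class must stay disjoint from the adjacent [\t ]* runs; overlapping classes make the match backtrack heavily on long whitespace runs (#366, #367)`. The rest of match_tag_end, including the keyword comparison the captured name feeds, is outside the hunk.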
--- a/test/test_lexer.py
+++ b/test/test_lexer.py
@@ -148,7 +148,13 @@ class LexerTest(TemplateTest):
 """
 assert_raises(exceptions.CompileException, Lexer(template).parse)
 
- def test_tag_many_quotes(self):
+ def test_closing_tag_many_spaces(self):
+ """test #367"""
+ template = '<%def name="foo()"> this is a def. </%' + " " * 10000
+ assert_raises(exceptions.SyntaxException, Lexer(template).parse)
+
+ def test_opening_tag_many_quotes(self):
+ """test #366"""
 template = "<%0" + '"' * 3000
 assert_raises(exceptions.SyntaxException, Lexer(template).parse)
 
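Review bot: The new `test_closing_tag_many_spaces` can only detect the #367 regression as a hang, not as a failure: with the old regexp `Lexer(template).parse` does not return, so `assert_raises` never gets to evaluate and the suite stalls unless a runner-level timeout is in place. A short note in the docstring would tell the next maintainer what a stall here means, e.g. `"""test #367 -- a regression in match_tag_end shows up as a hang here, not as an assertion failure"""`; the same applies to `test_opening_tag_many_quotes`. The input also only exercises spaces, while the end-tag regexp treats tabs identically, so a `"\t" * 10000` variant would cover the other member of the `[\t ]` class.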