rpms / python-jinja2

Clone
Source Code
GIT

Blame SOURCES/CVE-2020-28493.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-extras c8 c8-beta c8-beta-stream-2.7 c8-beta-stream-3.8 c8-stream-2.7 c8-stream-3.8 c8s c8s-stream-2.7 c8s-stream-3.8 c9 c9-beta c9s-sig-cloud-openstack-caracal c9s-sig-cloud-openstack-dalmatian c9s-sig-storage-ceph-pacific
  1.   aa2c5985d72f71ebc735ac40b42f3e594cf72eed
  2.   SOURCES
  3.   CVE-2020-28493.patch
Blob History Raw
aa2c59 
From 42d67347988a9d09b940d550f1ffa32a8d7e43b2 Mon Sep 17 00:00:00 2001
aa2c59 
From: Lumir Balhar <lbalhar@redhat.com>
aa2c59 
Date: Fri, 12 Mar 2021 16:04:15 +0100
aa2c59 
Subject: [PATCH] CVE-2020-28493
aa2c59
aa2c59 
---
aa2c59 
 jinja2/utils.py | 94 +++++++++++++++++++++++++++++--------------------
aa2c59 
 1 file changed, 56 insertions(+), 38 deletions(-)
aa2c59
aa2c59 
diff --git a/jinja2/utils.py b/jinja2/utils.py
aa2c59 
index db9c5d0..6ab77f7 100644
aa2c59 
--- a/jinja2/utils.py
aa2c59 
+++ b/jinja2/utils.py
aa2c59 
@@ -12,24 +12,12 @@ import re
aa2c59 
 import json
aa2c59 
 import errno
aa2c59 
 from collections import deque
aa2c59 
+from string import ascii_letters as _letters
aa2c59 
+from string import digits as _digits
aa2c59 
 from threading import Lock
aa2c59 
 from jinja2._compat import text_type, string_types, implements_iterator, \
aa2c59 
      url_quote, abc
aa2c59
aa2c59 
-
aa2c59 
-_word_split_re = re.compile(r'(\s+)')
aa2c59 
-_punctuation_re = re.compile(
aa2c59 
-    '^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$' % (
aa2c59 
-        '|'.join(map(re.escape, ('(', '<', '<'))),
aa2c59 
-        '|'.join(map(re.escape, ('.', ',', ')', '>', '\n', '>')))
aa2c59 
-    )
aa2c59 
-)
aa2c59 
-_simple_email_re = re.compile(r'^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$')
aa2c59 
-_striptags_re = re.compile(r'(|<[^>]*>)')
aa2c59 
-_entity_re = re.compile(r'&([^;]+);')
aa2c59 
-_letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
aa2c59 
-_digits = '0123456789'
aa2c59 
-
aa2c59 
 # special singleton representing missing values for the runtime
aa2c59 
 missing = type('MissingType', (), {'__repr__': lambda x: 'missing'})()
aa2c59
aa2c59 
@@ -203,35 +191,65 @@ def urlize(text, trim_url_limit=None, rel=None, target=None):
aa2c59 
     trim_url = lambda x, limit=trim_url_limit: limit is not None \
aa2c59 
                          and (x[:limit] + (len(x) >=limit and '...'
aa2c59 
                          or '')) or x
aa2c59 
-    words = _word_split_re.split(text_type(escape(text)))
aa2c59 
+    words = re.split(r"(\s+)", text_type(escape(text)))
aa2c59 
     rel_attr = rel and ' rel="%s"' % text_type(escape(rel)) or ''
aa2c59 
     target_attr = target and ' target="%s"' % escape(target) or ''
aa2c59
aa2c59 
     for i, word in enumerate(words):
aa2c59 
-        match = _punctuation_re.match(word)
aa2c59 
+        head, middle, tail = "", word, ""
aa2c59 
+        match = re.match(r"^([(<]|<)+", middle)
aa2c59 
+
aa2c59 
         if match:
aa2c59 
-            lead, middle, trail = match.groups()
aa2c59 
-            if middle.startswith('www.') or (
aa2c59 
-                '@' not in middle and
aa2c59 
-                not middle.startswith('http://') and
aa2c59 
-                not middle.startswith('https://') and
aa2c59 
-                len(middle) > 0 and
aa2c59 
-                middle[0] in _letters + _digits and (
aa2c59 
-                    middle.endswith('.org') or
aa2c59 
-                    middle.endswith('.net') or
aa2c59 
-                    middle.endswith('.com')
aa2c59 
-                )):
aa2c59 
-                middle = '%s' % (middle,
aa2c59 
-                    rel_attr, target_attr, trim_url(middle))
aa2c59 
-            if middle.startswith('http://') or \
aa2c59 
-               middle.startswith('https://'):
aa2c59 
-                middle = '%s' % (middle,
aa2c59 
-                    rel_attr, target_attr, trim_url(middle))
aa2c59 
-            if '@' in middle and not middle.startswith('www.') and \
aa2c59 
-               not ':' in middle and _simple_email_re.match(middle):
aa2c59 
-                middle = '%s' % (middle, middle)
aa2c59 
-            if lead + middle + trail != word:
aa2c59 
-                words[i] = lead + middle + trail
aa2c59 
+            head = match.group()
aa2c59 
+            middle = middle[match.end() :]
aa2c59 
+
aa2c59 
+        # Unlike lead, which is anchored to the start of the string,
aa2c59 
+        # need to check that the string ends with any of the characters
aa2c59 
+        # before trying to match all of them, to avoid backtracking.
aa2c59 
+        if middle.endswith((")", ">", ".", ",", "\n", ">")):
aa2c59 
+            match = re.search(r"([)>.,\n]|>)+$", middle)
aa2c59 
+
aa2c59 
+            if match:
aa2c59 
+                tail = match.group()
aa2c59 
+                middle = middle[: match.start()]
aa2c59 
+
aa2c59 
+        if middle.startswith("www.") or (
aa2c59 
+            "@" not in middle
aa2c59 
+            and not middle.startswith("http://")
aa2c59 
+            and not middle.startswith("https://")
aa2c59 
+            and len(middle) > 0
aa2c59 
+            and middle[0] in _letters + _digits
aa2c59 
+            and (
aa2c59 
+                middle.endswith(".org")
aa2c59 
+                or middle.endswith(".net")
aa2c59 
+                or middle.endswith(".com")
aa2c59 
+            )
aa2c59 
+        ):
aa2c59 
+            middle = '%s' % (
aa2c59 
+                middle,
aa2c59 
+                rel_attr,
aa2c59 
+                target_attr,
aa2c59 
+                trim_url(middle),
aa2c59 
+            )
aa2c59 
+
aa2c59 
+        if middle.startswith("http://") or middle.startswith("https://"):
aa2c59 
+            middle = '%s' % (
aa2c59 
+                middle,
aa2c59 
+                rel_attr,
aa2c59 
+                target_attr,
aa2c59 
+                trim_url(middle),
aa2c59 
+            )
aa2c59 
+
aa2c59 
+        if (
aa2c59 
+            "@" in middle
aa2c59 
+            and not middle.startswith("www.")
aa2c59 
+            and ":" not in middle
aa2c59 
+            and re.match(r"^\S@\w[\w.-]*\.\w$", middle)
aa2c59 
+        ):
aa2c59 
+            middle = '%s' % (middle, middle)
aa2c59 
+
aa2c59 
+        words[i] = head + middle + tail
aa2c59 
+
aa2c59 
     return u''.join(words)
aa2c59
aa2c59
aa2c59 
--
aa2c59 
2.29.2
aa2c59

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation