
Merge pull request #7655 from haiwen/code-scan-regex

Fix regular expression injection
Ranjiwei 2025-03-24 11:09:42 +08:00 committed by GitHub
commit 75034bd9f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 3 deletions


@ -727,8 +727,8 @@ class ItemsSearch(APIView):
all_repos = get_search_repos(username, org_id)
cache.set(cache_key, all_repos, self.USER_REPOS_CACHE_TIMEOUT)
query_result = []
# Iterator avoids loading all memory at once
safe_pattern = re.escape(query_str)
query_result = [
{
"fullpath": "/",
@ -738,7 +738,7 @@ class ItemsSearch(APIView):
"name": repo_info[3]
}
for repo_info in all_repos
if re.search(query_str, repo_info[3], re.IGNORECASE)
if re.search(safe_pattern, repo_info[3], re.IGNORECASE)
]
return Response({'results': query_result})
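Review bot: Once `query_str` is passed through `re.escape` on the `safe_pattern` line, the regex in the comprehension filter can only ever perform a literal, case-insensitive substring match, so the regex engine is no longer buying anything here. A plain string test expresses the same intent without a pattern compile per request and with no risk of a future change re-introducing unescaped user input into `re.search`: `needle = query_str.lower()` before the comprehension and `if needle in repo_info[3].lower()` as the filter. `re.IGNORECASE` and `str.lower()` can differ on a few non-ASCII case folds, so if exact parity with the current behaviour matters, keep the escaped regex but consider compiling it once outside the comprehension. The comment "Iterator avoids loading all memory at once" also no longer describes this code, since a list comprehension materialises every match. The enclosing method of `ItemsSearch` starts outside the hunk.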


@ -2097,7 +2097,9 @@ def view_media_file_via_share_link(request):
image_file_name = image_file_name.replace(')', '\)')
encoded_image_file_name = urllib.parse.quote(image_file_name)
p = re.compile('(%s)/lib/(%s)/file(.*?)%s\?raw=1' % (serviceURL, repo_id, encoded_image_file_name))
unsafe_pattern = '(%s)/lib/(%s)/file(.*?)%s\?raw=1' % (serviceURL, repo_id, encoded_image_file_name)
safe_pattern = re.escape(unsafe_pattern)
p = re.compile(safe_pattern)
result = re.search(p, file_content)
if not result:
return render_error(request, 'Image does not exist')
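Review bot: `re.escape(unsafe_pattern)` on the `safe_pattern` line escapes the whole template, not just the interpolated values, so the `(.*?)` wildcard, the capture groups and the `\?` now match those characters literally and the pattern can no longer match real file content; every request is likely to fall through to the `Image does not exist` branch. Only the untrusted parts should be escaped, with the regex structure kept intact: `pattern = r'(%s)/lib/(%s)/file(.*?)%s\?raw=1' % (re.escape(serviceURL), re.escape(repo_id), re.escape(encoded_image_file_name))` followed by `p = re.compile(pattern)`. The manual `image_file_name.replace(')', '\)')` on the first context line (and presumably a matching one for `(` just above the hunk) would then double-escape the name and should be dropped in favour of `re.escape`, though note it is applied before `urllib.parse.quote`, so the interaction is worth confirming against a real filename with parentheses. The `'...\?raw=1'` literal is also a non-raw string with an invalid escape sequence, which recent Python versions warn about; a raw string avoids that. The function `view_media_file_via_share_link` begins before the hunk and continues after it, so any later use of `result.group(...)` is not visible here.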