paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-01 12:33:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

openapi: Use more carefully-constructed regexes for markdown extension.

Browse Source 
This removes a false-positive ReDoS, since the input is always
checked-in code.  It also incidentally refactors to make the regexes
be more explicit about the values they expect, and removes unnecessary
capturing groups.

It removes an optional parenthesized status code for fixtures,
unnecessary since 981e4f8946, as well as
optional key-value language options, unnecessary since
a2be9a0e2d.

Thank you to @erik-krogh and @yoff for bringing this to our attention.
This commit is contained in:
Alex Vandiver
2021-09-29 22:10:12 +00:00
committed by Tim Abbott
parent 206168ed28
commit f1c61fbea1
3 changed files with 38 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
zerver/openapi/test_curl_examples.py
View File

@@ -54,7 +54,7 @@ def test_generated_curl_examples_for_success(client: Client) -> None:
f = open(file_name)
for line in f:
# A typical example from the Markdown source looks like this:
# {generate_code_example(curl, ...}
# {generate_code_example(curl)|...|...}
if line.startswith("{generate_code_example(curl"):
curl_commands_to_test.append(line)
else: