mirror of
https://github.com/zulip/zulip.git
synced 2025-11-02 21:13:36 +00:00
db934be064
Zulip attempts to validate that the regular expressions that admins enter for linkifiers are well-formatted, and only contain a specific subset of regex grammar. The process of checking these properties (via a regex!) can cause denial-of-service via backtracking. Furthermore, this validation itself does not prevent the creation of linkifiers which themselves cause denial-of-service when they are executed. As the validator accepts literally anything inside of a `(?P<word>...)` block, any quadratic backtracking expression can be hidden therein. Switch user-provided linkifier patterns to be matched in the Markdown processor by the `re2` library, which is guaranteed constant-time. This somewhat limits the possible features of the regular expression (notably, look-head and -behind, and back-references); however, these features had never been advertised as working in the context of linkifiers. A migration removes any existing linkifiers which would not function under re2, after printing them for posterity during the upgrade; they are unlikely to be common, and are impossible to fix automatically. The denial-of-service in the linkifier validator was discovered by @erik-krogh and @yoff, as GHSL-2021-118.
16 lines
311 B
Python
16 lines
311 B
Python
# Generated by Django 3.2.7 on 2021-10-04 17:49
|
|
|
|
from typing import Any, List
|
|
|
|
from django.db import migrations
|
|
|
|
|
|
class Migration(migrations.Migration):
|
|
|
|
dependencies = [
|
|
("zerver", "0358_split_create_stream_policy"),
|
|
("zerver", "0359_re2_linkifiers"),
|
|
]
|
|
|
|
operations: List[Any] = []
|