45 lines
975 B
Plaintext
45 lines
975 B
Plaintext
== How to fix it in Python Standard Library
|
|
|
|
=== Code examples
|
|
|
|
The following noncompliant code is vulnerable to Regex Denial of Service (ReDoS)
|
|
because untrusted data is used as a regex to scan a string without prior
|
|
sanitization or validation.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
from flask import request
|
|
import re
|
|
|
|
@app.route('/lookup')
|
|
def lookup():
|
|
regex = request.args['regex']
|
|
data = request.args['data']
|
|
|
|
re.search(regex, data) # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
from flask import request
|
|
import re
|
|
|
|
@app.route('/lookup')
|
|
def lookup():
|
|
regex = request.args['regex']
|
|
data = request.args['data']
|
|
|
|
re.search(re.escape(regex), data)
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/validation.adoc[]
|
|
|
|
In the compliant solution, `re.escape` escapes metacharacters and escape sequences that
|
|
could have broken the initially intended logic.
|