diff options
author | Aaron Taylor <git@ataylor.io> | 2022-11-01 15:02:51 -0400 |
---|---|---|
committer | Marcel Hellkamp <marc@gsites.de> | 2023-03-04 16:32:26 +0100 |
commit | 248f901ae7beb8c70cb46f4f8c6327e7f697319a (patch) | |
tree | 98b93ab23d13f7a57547ff1c63b0364eae6ec436 | |
parent | 18a3eb480d251b818223ae64412b128743526e08 (diff) | |
download | bottle-248f901ae7beb8c70cb46f4f8c6327e7f697319a.tar.gz |
fix #1194: Regular expression catastrophic backtracking in bottle.Router.rule_syntax
This backports the patch from aaee93a5b1dfc78cb9119797df5c766a53872c5b to the 0.12 release branch.
This fix can be validated with the following command from the issue:
python -c "import bottle; list(bottle.Router.rule_syntax.finditer('<abc:def:' + '.' * 64 + '<'))"
-rw-r--r-- | bottle.py | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -308,7 +308,7 @@ class Router(object): rule_syntax = re.compile('(\\\\*)'\ '(?:(?::([a-zA-Z_][a-zA-Z_0-9]*)?()(?:#(.*?)#)?)'\ '|(?:<([a-zA-Z_][a-zA-Z_0-9]*)?(?::([a-zA-Z_]*)'\ - '(?::((?:\\\\.|[^\\\\>]+)+)?)?)?>))') + '(?::((?:\\\\.|[^\\\\>])+)?)?)?>))') def _itertokens(self, rule): offset, prefix = 0, '' |