-rw-r--r-- | doc/build/changelog.rst | 7 | ||||
-rw-r--r-- | doc/build/unreleased/367.rst | 13 | ||||
-rw-r--r-- | mako/lexer.py | 2 | ||||
-rw-r--r-- | test/test_lexer.py | 8 |
4 files changed, 27 insertions, 3 deletions
diff --git a/doc/build/changelog.rst b/doc/build/changelog.rst
index b3f06fd..5ca49de 100644
--- a/doc/build/changelog.rst
+++ b/doc/build/changelog.rst
@@ -22,7 +22,12 @@ Changelog
 correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large
- number of quotes within its quoted sections.
+ number of quotes within its quoted sections. Credit to Sebastian
+ Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
 .. changelog::
 :version: 1.2.1
diff --git a/doc/build/unreleased/367.rst b/doc/build/unreleased/367.rst
new file mode 100644
index 0000000..6798e6e
--- /dev/null
+++ b/doc/build/unreleased/367.rst
@@ -0,0 +1,13 @@
+.. change::
+ :tags: bug, lexer
+ :tickets: 367
+
+ Fixed issue in lexer in the same category as that of :ticket:`366` where
+ the regexp used to match an end tag didn't correctly organize for matching
+ characters surrounded by whitespace, leading to high memory / interpreter
+ hang if a closing tag incorrectly had a large amount of unterminated space
+ in it. Credit to Sebastian Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
diff --git a/mako/lexer.py b/mako/lexer.py
index 77a2483..75182f8 100644
--- a/mako/lexer.py
+++ b/mako/lexer.py
@@ -322,7 +322,7 @@ class Lexer:
 return True
 def match_tag_end(self):
- match = self.match(r"\</%[\t ]*(.+?)[\t ]*>")
+ match = self.match(r"\</%[\t ]*([^\t ]+?)[\t ]*>")
 if match:
 if not len(self.tag):
 raise exceptions.SyntaxException(
diff --git a/test/test_lexer.py b/test/test_lexer.py
index a7b6fe3..f4983a3 100644
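Review bot: The character class on the `+` line of the mako/lexer.py hunk is the entire fix, yet nothing in match_tag_end records why `([^\t ]+?)` must not be tidied back into `(.+?)`, so a later cleanup can quietly reintroduce the overlap between the lazy name group and the trailing `[\t ]*` that made a long run of spaces after `</%` backtrack catastrophically. A one-line comment above the `self.match(...)` call would pin it: `# Name group excludes tab/space so it cannot overlap the trailing [\t ]*; (.+?) here backtracks catastrophically on long whitespace runs (#367)`. Note that `[^\t ]` also admits newline characters where the old `.` presumably did not, so a closing tag whose name is split across two lines now produces a match and enters the `if match:` branch instead of falling through; that looks harmless given the checks that follow, but it is worth a test. The `\<` escape is a no-op in a raw pattern and could be dropped for readability. match_tag_end's body continues past the end of the hunk.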
--- a/test/test_lexer.py
+++ b/test/test_lexer.py
@@ -148,7 +148,13 @@ class LexerTest(TemplateTest):
 """
 assert_raises(exceptions.CompileException, Lexer(template).parse)
- def test_tag_many_quotes(self):
+ def test_closing_tag_many_spaces(self):
+ """test #367"""
+ template = '<%def name="foo()"> this is a def. </%' + " " * 10000
+ assert_raises(exceptions.SyntaxException, Lexer(template).parse)
+
+ def test_opening_tag_many_quotes(self):
+ """test #366"""
 template = "<%0" + '"' * 3000
 assert_raises(exceptions.SyntaxException, Lexer(template).parse)
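Review bot: The new test_closing_tag_many_spaces pins the exception but not the property the fix is actually about: if the `(.+?)` pattern ever comes back, this test hangs the interpreter for a long time instead of failing, which is a poor regression signal in CI. A cheap guard is to bound the parse, e.g. `start = time.perf_counter()` before the existing `assert_raises(...)` line and `assert time.perf_counter() - start < 5` after it, with `import time` added at the top of the module (outside the hunk); the same applies to test_opening_tag_many_quotes for #366. The docstrings `"""test #367"""` and `"""test #366"""` would read better if they said what is being guarded, e.g. `"""#367: unterminated closing tag padded with whitespace must fail fast, not backtrack."""`. LexerTest begins and ends outside the hunk.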