Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

#753 500 error: Project user search is vulnerable to regex injection

Milestone: v1.0.0

Status: closed

Owner: Jenny Steele

Labels: sf-2 (994)

Component: General

Reviewer: nobody

Updated: 2015-08-20

Created: 2010-07-20

Creator: Rick Copeland

Private: No

The search string is directly inserted into the regex. It should instead be escaped using re.escape

Related

Tickets: ~~#772~~

Discussion

Rick Copeland - 2010-07-30

assigned_to: Jenny Steele

custom_field__size: 1 --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Rick Copeland - 2010-07-30

To demonstrate the 500 error, just start the search with a *

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jenny Steele - 2010-07-30

status: open --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jenny Steele - 2010-07-30

status: code-review --> validation
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2010-08-03

Originally by: n_oostendorp

status: validation --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.