bpo-41712: Vulnerable regex changed #23166
bpo-41712: Removal of unnecessary regex conditions. Using suggestion: For example, you can modify the sub-pattern \w+\d+ to ([A-Za-z_]*\d)+, which should fix the issue of vulnerable regex. Test result: working as intended. Sorry if this is not much, this is my first PR to a big org.
bpo-41712: Removal of vulnerable regex conditions. Using suggestion "For example, you can modify the sub-pattern \w+\d+ to ([A-Za-z_]*\d)+" and converted to ([A-za-z_]+\d+), which should fix the issue of vulnerable regex. Test result: working as intended. Sorry if this is not much, this is my first PR to a big org.
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA). CLA Missing. Our records indicate the following people have not signed the CLA: For legal reasons we need all the people listed to sign the CLA before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. If you have recently signed the CLA, please wait at least one business day. You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it!
should work
Hello, thanks for your first PR to CPython. I'm not a core dev but I'll do my best to try address some of this.
Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst
…kdm.rst Co-authored-by: kj <[email protected]>
Co-authored-by: kj <[email protected]>
Thank you, Sir, for your suggestions; they helped me a lot.
Sorry, I accidentally removed the reviewer. What should I do?
Sir, what is core review?
@Fidget-Spinner Sir, can you please review the PR #23191? Thank you, sir.
Sorry, I don't think you should open multiple PRs because it makes it harder to track the development of a solution. Maybe reopen this one and close the other? (I don't see any difference between the two anyways) I'm not a core developer. The These things take time - a core developer may take up to a month, or maybe even longer to take a look at your PR. So I recommend exercising patience. The core devs are mostly doing this out of their own free time. If nobody looks at your PR after maybe 2 - 4 weeks, you can comment on the bugs.python.org issue and ask for a PR. Edit: BTW you don't have to
Thank you sir, but it doesn't say requested review.
What do you think I should do?
Yes. Also I'd recommend this:
The request for review isn't required. They can review it even without that. Pinging @zooba for this, sorry for the noise generated.
Ok Sir, thank you. You have been very kind and helpful.
Thanks for the contribution! This doesn't need a NEWS entry, so I added the tag and removed the file (I'm worried it may concern people who read updates, because it mentions a vulnerability that they were never vulnerable to). Once CI clears, I'll merge it.
For future contributions, you may also want to work from a branch in your repository, rather than
Thank you, Sir.
No problems at all. There is no product impact from this change, so it doesn't need to be listed in the product changes :) Copying the title of the original bug is fine, though in this case we quickly determined that the title was inaccurate (but never changed it).
Using suggestion "For example, you can modify the sub-pattern \w+\d+ to ([A-Za-z_]*\d)+" and converted to ([A-za-z_]+\d+),
which should fix the issue of vulnerable regex. "can be exploited with the following string "1.1.1"+"1" * 5000 + "!" "
Test result: working as intended.
Sorry if this is not much, this is my first PR to a big org.
https://bugs.python.org/issue41712
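
An added example, not part of this PR or of CPython's code: it shows why the adjacent `\w+\d+` quantifiers backtrack on the quoted string (both classes accept digits) while a letter class followed by `\d+` does not, and what the `[A-za-z_]` spelling accepts beyond letters and underscore. The anchored wrapper pattern (`PREFIX`, `$`) and all function names are assumptions, since the page quotes only the sub-patterns.

```python
import re
import time

# Assumption: the page quotes only the sub-patterns, so this anchored
# "dotted version + optional suffix" wrapper is a stand-in, not the project's regex.
PREFIX = r"(\d+\.\d+\.\d+)"
VULNERABLE = re.compile(PREFIX + r"(\w+\d+)?$")       # \w also matches digits
FIXED = re.compile(PREFIX + r"([A-Za-z_]+\d+)?$")     # letter class excludes digits


def class_overlap(cls_a, cls_b):
    """ASCII characters accepted by both single-character classes."""
    a, b = re.compile(cls_a), re.compile(cls_b)
    return {chr(c) for c in range(128)
            if a.fullmatch(chr(c)) and b.fullmatch(chr(c))}


def extra_chars(loose, strict):
    """ASCII characters the loose class accepts and the strict one rejects."""
    lo, st = re.compile(loose), re.compile(strict)
    return {chr(c) for c in range(128)
            if lo.fullmatch(chr(c)) and not st.fullmatch(chr(c))}


def payload(n):
    """The string quoted in the PR text, with the repeat count as a parameter."""
    return "1.1.1" + "1" * n + "!"


def match_seconds(pattern, text, repeats=3):
    """Best-of-N wall time for one anchored match attempt."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    print("\\w and \\d share:", sorted(class_overlap(r"\w", r"\d")))
    print("[A-z] extras:", sorted(extra_chars(r"[A-za-z_]", r"[A-Za-z_]")))
    for n in (50, 100, 200):   # kept far below 5000 so the slow case still finishes
        print(n, f"{match_seconds(VULNERABLE, payload(n)):.5f}s",
              f"{match_seconds(FIXED, payload(n)):.6f}s")
```

Neither spelling of the letter class shares a character with `\d`, so both remove the ambiguous split between the two quantifiers; the `A-z` range only widens the set of accepted suffix characters.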