зеркало из https://github.com/github/ruby.git
[ruby/uri] Fix quadratic backtracking on invalid relative URI
https://hackerone.com/reports/1958260 https://github.com/ruby/uri/commit/9010ee2536
Родитель
d4b662d6f8
Коммит
1eff362492
|
@ -497,8 +497,8 @@ module URI
|
|||
ret = {}
|
||||
|
||||
# for URI::split
|
||||
ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
|
||||
ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
|
||||
ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
|
||||
ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
|
||||
|
||||
# for URI::extract
|
||||
ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
|
||||
|
|
|
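Review bot: The possessive `\s*+` on the two changed `Regexp.new` lines (`:ABS_URI` and `:REL_URI`) is the whole fix, yet nothing beside it says why it is not a plain `\s*`, so a later clean-up could revert it with only the performance test to catch it. A comment above the pair would record the reasoning, for example `# \s*+ is possessive: leading whitespace is never handed back, so a failed match is not retried from every space (quadratic on long blank prefixes)`. The trailing `\s*\z` stays greedy; that looks harmless because only an anchor follows it, but it is worth confirming against the tails of `pattern[:X_ABS_URI]` and `pattern[:X_REL_URI]`, which are defined outside this hunk.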
@ -87,4 +87,16 @@ class URI::TestParser < Test::Unit::TestCase
|
|||
URI.parse("foo@example:foo")
|
||||
end
|
||||
end
|
||||
|
||||
def test_rfc2822_parse_relative_uri
|
||||
pre = ->(length) {
|
||||
" " * length + "\0"
|
||||
}
|
||||
parser = URI::RFC2396_Parser.new
|
||||
assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
|
||||
assert_raise(URI::InvalidURIError) do
|
||||
parser.split(uri)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
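Review bot: The test is named `test_rfc2822_parse_relative_uri` but builds a `URI::RFC2396_Parser`, so the RFC number in the name looks like a slip. `test_rfc2396_parse_relative_uri` would match the parser under test, assuming that name is not already taken elsewhere in the class, which is not visible here. The input built by `pre` is only spaces followed by `\0`, so it exercises the leading-whitespace path alone; a second `assert_linear_performance` case with the long whitespace run at the end of the input would show that the greedy trailing `\s*\z` stays linear as well. A one-line comment such as `# long blank prefix + NUL: must be rejected in linear time` would also say what the fixture stands for.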