lainns-mirror/noctalia-shell
1
0
Fork 0
mirror of https://github.com/noctalia-dev/noctalia-shell.git synced 2026-05-11 17:08:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(renderer): remove ambiguous \s* from _EXPR_RE to prevent ReDoS

Browse Source 
The pattern \s*([^}\n]+?)\s* allowed polynomial backtracking when no
closing }} was found — confirmed to hang at n=5000 whitespace chars.
The \s* wrappers were redundant since group(1) is already stripped at
the call site.

Reported and patched with @pa1va. Closes #2325
This commit is contained in:
cbxcvl
2026-03-27 13:53:32 -03:00
parent f19a19cfc6
commit e91d20ef0d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Scripts/python/src/theming/lib/renderer.py
+1 -1
View File
@@ -141,7 +141,7 @@ class TemplateRenderer:
_BLOCK_RE = re.compile(r'<\*\s*(.*?)\s*\*>', re.DOTALL)
# Regex for expression tags: {{ ... }}
_EXPR_RE = re.compile(r"\{\{\s*([^}\n]+?)\s*\}\}")
_EXPR_RE = re.compile(r"\{\{([^}\n]+?)\}\}")
def __init__(self, theme_data: dict[str, dict[str, str]], verbose: bool = True, default_mode: str = "dark", image_path: Optional[str] = None, scheme_type: str = "content"):
self.theme_data = theme_data