From 848e14990ea2ee230481202ff50bf0cb880160d8 Mon Sep 17 00:00:00 2001
From: Akansh <7958962+AkanshDivker@users.noreply.github.com>
Date: Thu, 12 Jan 2023 02:14:40 -0500
Subject: [PATCH 1/2] Fix CVE-2015-20107

Implemented fix from python/cpython#91993
---
 Src/StdLib/Lib/mailcap.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/Src/StdLib/Lib/mailcap.py b/Src/StdLib/Lib/mailcap.py
index 04077ba0d..5f2148faa 100644
--- a/Src/StdLib/Lib/mailcap.py
+++ b/Src/StdLib/Lib/mailcap.py
@@ -1,9 +1,16 @@
 """Mailcap file handling. See RFC 1524."""
 
 import os
+import warnings
+import re
 
 __all__ = ["getcaps","findmatch"]
 
+_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
+
+class UnsafeMailcapInput(Warning):
+ """Warning raised when refusing unsafe input"""
+
 # Part 1: top-level interface.
 
 def getcaps():
@@ -149,10 +156,13 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
 for e in entries:
 if 'test' in e:
 test = subst(e['test'], filename, plist)
+ if test is None:
+ continue
 if test and os.system(test) != 0:
 continue
 command = subst(e[key], MIMEtype, filename, plist)
- return command, e
+ if command is not None:
+ return command, e
 return None, None
 
 def lookup(caps, MIMEtype, key=None):
@@ -184,6 +194,10 @@ def subst(field, MIMEtype, filename, plist=[]):
 elif c == 's':
 res = res + filename
 elif c == 't':
+ if _find_unsafe(MIMEtype):
+ msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
+ warnings.warn(msg, UnsafeMailcapInput)
+ return None
 res = res + MIMEtype
 elif c == '{':
 start = i
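Review bot: The new `UnsafeMailcapInput` class (`+class UnsafeMailcapInput(Warning):`) is the only hook a caller has for turning a refused substitution into a hard failure, and its one-line docstring does not say so; suggest extending it with a second sentence, `Use warnings.simplefilter("error", UnsafeMailcapInput) to make a refusal raise instead of silently skipping the entry.` The `_find_unsafe` line is an allow-list check whose polarity is easy to misread (a truthy result means an unsafe character was found), so a comment such as `# Match the first character outside the shell-safe allow-list; None means the whole string is safe.` would help the next reader. As a nit, `import warnings` is added before `import re`, which breaks the alphabetical order the rest of the stdlib imports appear to follow.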
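Review bot: The `filename` argument is still spliced into the command without any check: `command = subst(e[key], MIMEtype, filename, plist)` passes it to subst, whose `%s` branch (`res = res + filename`, visible as unchanged context in the later subst hunk) concatenates it verbatim, so the new `None` handling protects only `%t` and `%{name}` values. findmatch's docstring lies outside this hunk; it should state that the caller is responsible for supplying a trusted or already-quoted `filename`, or the `command =` line could carry `# NOTE: filename (%s) is not vetted by _find_unsafe; callers must pass a trusted path`. Separately, a refused substitution and an absent match now both end in `return None, None`, so the only signal of a refusal is the `UnsafeMailcapInput` warning; a short comment on `if command is not None:` noting that a `None` means subst refused the entry would make that explicit.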
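Review bot: `subst` now returns `None` from a function that previously always returned a string, and nothing in the hunk documents the new contract; any caller outside this file that concatenates the result (subst is module-level, though not listed in `__all__`) will now raise `TypeError` on refused input rather than get a warning. The function header is outside the hunk; its leading comment should gain a line such as `# Returns None (after emitting UnsafeMailcapInput) when a %t or %{name} value contains a character outside _find_unsafe's allow-list.` The same return-`None` pattern and the same documentation gap recur in the next hunk (`@@ -191,7 +205,12 @@`, the `%{name}` branch). As a style nit, the two warning messages differ in trailing punctuation (`into a shell command.` here versus `into a shell command` in the parameter branch); pick one.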
@@ -191,7 +205,12 @@ def subst(field, MIMEtype, filename, plist=[]):
 i = i+1
 name = field[start:i]
 i = i+1
- res = res + findparam(name, plist)
+ param = findparam(name, plist)
+ if _find_unsafe(param):
+ msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
+ warnings.warn(msg, UnsafeMailcapInput)
+ return None
+ res = res + param
 # XXX To do:
 # %n == number of parts if type is multipart/*
 # %F == list of alternating type and filename for parts

From 078406e33a14e9b6df4d9e303808c3f116023f5c Mon Sep 17 00:00:00 2001
From: Akansh <7958962+AkanshDivker@users.noreply.github.com>
Date: Thu, 12 Jan 2023 13:46:49 -0500
Subject: [PATCH 2/2] Update regex

Update regex to be Python 2 compatible.
---
 Src/StdLib/Lib/mailcap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Src/StdLib/Lib/mailcap.py b/Src/StdLib/Lib/mailcap.py
index 5f2148faa..dc394b509 100644
--- a/Src/StdLib/Lib/mailcap.py
+++ b/Src/StdLib/Lib/mailcap.py
@@ -6,7 +6,7 @@
 
 __all__ = ["getcaps","findmatch"]
 
-_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
+_find_unsafe = re.compile(r'[^\w@%+=:,./-]').search
 
 class UnsafeMailcapInput(Warning):
 """Warning raised when refusing unsafe input"""
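Review bot: The replacement allow-list `[^\w@%+=:,./-]` admits `%`, which the pattern it replaces (`[^\xa1-\U0010FFFF\w@+=:,./-]`) did not allow, and the commit message only justifies the change as Python 2 compatibility; subst's output is run through `os.system(test)` in findmatch and is returned to callers as a shell command, and on Windows `os.system` goes via cmd.exe, where `%NAME%` sequences are expanded before the command runs, so this widening needs either a stated reason or a revert to `[^\w@+=:,./-]`. This tree (`Src/StdLib/Lib`) looks like an embedded stdlib copy that may run on such platforms, so the concern is not hypothetical, though I cannot confirm the target runtime from the diff alone. Dropping `\xa1-\U0010FFFF` moves in the conservative direction (non-ASCII characters outside `\w` are now refused rather than passed through), but if this runs under Python 2 without `re.UNICODE`, `\w` is ASCII-only and legitimate non-ASCII parameters will now trigger the warning; a comment on the `_find_unsafe` line such as `# Shell-safe allow-list; written without \U escapes for Python 2, so non-ASCII input is refused rather than passed through.` would record that trade-off.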