Address Regular Expression Denial of Service vulnerability #12280
rasa/core/channels/slack.py
@@ -268,21 +268,23 @@ def _sanitize_user_message( | |||
uids_to_remove = uids_to_remove or [] | |||
|
|||
for uid_to_remove in uids_to_remove: | |||
escaped_uid = re.escape(uid_to_remove) |
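Review bot: the visible lines assign `escaped_uid = re.escape(uid_to_remove)` at the top of the loop but do not show the patterns built from it, so it is worth confirming that every pattern in this loop body interpolates `escaped_uid` and that none still references the raw `uid_to_remove`; a single leftover raw interpolation would keep an unescaped value in the regex. Rather than only asserting that `re.escape` is called, a behavioural test would be stronger: pass a uid containing regex metacharacters such as `.*` or `(` to `_sanitize_user_message` and assert that it is treated as a literal string and that the call returns promptly.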
We should add a unit test which will check if re.escape is called.
I've added a test to check for this
The failing Slack unit test must also be investigated to see how it's connected to the changes made; I doubt it's flaky.
…al-of-Service-on-Slack-connector
🚀 A preview of the docs have been deployed at the following URL: https://12280--rasahq-docs-rasa-v2.netlify.app/docs/rasa
👍🏻
Proposed changes:
Status (please check what you already did):
black
(please check Readme for instructions)