Vulnerable Regular Expression in docstring #8172

yetingli · 2020-09-05T05:47:31Z

Type of Issue
Potential Regex Denial of Service (ReDoS)

Description
The vulnerable regular expression is located in

sphinx/sphinx/ext/napoleon/docstring.py

Line 34 in 31f26a0

_google_typed_arg_regex = re.compile(r'\s*(.+?)\s*\(\s*(.*[^\s]+)\s*\)')

The regex with quantified overlapping adjacency and can be exploited with the following string
" " * 5000 + "!"

I think you can limit the input length or modify this regex.

The text was updated successfully, but these errors were encountered:

tk0miya · 2020-09-20T08:37:49Z

Thank you for reporting.
I posted #8224 to fix this. Please check it if you have time.

yetingli · 2020-09-22T02:44:32Z

Hi @tk0miya ,
Thank you for your reply. I think your fix is correct and safe :)

Fix #8172: napoleon: Potential of regex denial of service in google style docs

tk0miya added type:bug extensions:napoleon labels Sep 20, 2020

tk0miya added this to the 3.3.0 milestone Sep 20, 2020

tk0miya mentioned this issue Sep 20, 2020

Fix #8172: napoleon: Potential of regex denial of service in google style docs #8224

Merged

tk0miya closed this as completed in f00e752 Sep 27, 2020

tk0miya added a commit that referenced this issue Sep 27, 2020

Merge pull request #8224 from tk0miya/8172_napoleon_redos

a81c453

Fix #8172: napoleon: Potential of regex denial of service in google style docs

github-actions bot locked as resolved and limited conversation to collaborators Jul 19, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerable Regular Expression in docstring #8172

Vulnerable Regular Expression in docstring #8172

yetingli commented Sep 5, 2020

tk0miya commented Sep 20, 2020

yetingli commented Sep 22, 2020

Vulnerable Regular Expression in docstring #8172

Vulnerable Regular Expression in docstring #8172

Comments

yetingli commented Sep 5, 2020

tk0miya commented Sep 20, 2020

yetingli commented Sep 22, 2020