mirror of
https://github.com/django/django.git
synced 2025-01-30 12:09:25 +00:00
[5.0.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
This commit is contained in:
Adam Johnson
Natalia
parent
2cfa3fba0c
commit
16a8fe18a3
@ -75,12 +75,13 @@ def intcomma(value, use_l10n=True):
|
|||||||
return intcomma(value, False)
|
return intcomma(value, False)
|
||||||
else:
|
else:
|
||||||
return number_format(value, use_l10n=True, force_grouping=True)
|
return number_format(value, use_l10n=True, force_grouping=True)
|
||||||
orig = str(value)
|
result = str(value)
|
||||||
new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", orig)
|
match = re.match(r"-?\d+", result)
|
||||||
if orig == new:
|
if match:
|
||||||
return new
|
prefix = match[0]
|
||||||
else:
|
prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1]
|
||||||
return intcomma(new, use_l10n)
|
result = prefix_with_commas + result[len(prefix) :]
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
# A tuple of standard large number to their converters
|
# A tuple of standard large number to their converters
|
||||||
|
|||||||
@ -6,4 +6,8 @@ Django 3.2.24 release notes
|
|||||||
|
|
||||||
Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23.
|
Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23.
|
||||||
|
|
||||||
...
|
CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
The ``intcomma`` template filter was subject to a potential denial-of-service
|
||||||
|
attack when used with very long strings.
|
||||||
|
|||||||
@ -6,4 +6,8 @@ Django 4.2.10 release notes
|
|||||||
|
|
||||||
Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9.
|
Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9.
|
||||||
|
|
||||||
...
|
CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
The ``intcomma`` template filter was subject to a potential denial-of-service
|
||||||
|
attack when used with very long strings.
|
||||||
|
|||||||
@ -7,6 +7,12 @@ Django 5.0.2 release notes
|
|||||||
Django 5.0.2 fixes a security issue with severity "moderate" and several bugs
|
Django 5.0.2 fixes a security issue with severity "moderate" and several bugs
|
||||||
in 5.0.1. Also, the latest string translations from Transifex are incorporated.
|
in 5.0.1. Also, the latest string translations from Transifex are incorporated.
|
||||||
|
|
||||||
|
CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
The ``intcomma`` template filter was subject to a potential denial-of-service
|
||||||
|
attack when used with very long strings.
|
||||||
|
|
||||||
Bugfixes
|
Bugfixes
|
||||||
========
|
========
|
||||||
|
|
||||||
|
|||||||
@ -116,39 +116,71 @@ class HumanizeTests(SimpleTestCase):
|
|||||||
def test_intcomma(self):
|
def test_intcomma(self):
|
||||||
test_list = (
|
test_list = (
|
||||||
100,
|
100,
|
||||||
|
-100,
|
||||||
1000,
|
1000,
|
||||||
|
-1000,
|
||||||
10123,
|
10123,
|
||||||
|
-10123,
|
||||||
10311,
|
10311,
|
||||||
|
-10311,
|
||||||
1000000,
|
1000000,
|
||||||
|
-1000000,
|
||||||
1234567.25,
|
1234567.25,
|
||||||
|
-1234567.25,
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1000",
|
"1000",
|
||||||
|
"-1000",
|
||||||
"10123",
|
"10123",
|
||||||
|
"-10123",
|
||||||
"10311",
|
"10311",
|
||||||
|
"-10311",
|
||||||
"1000000",
|
"1000000",
|
||||||
|
"-1000000",
|
||||||
"1234567.1234567",
|
"1234567.1234567",
|
||||||
|
"-1234567.1234567",
|
||||||
Decimal("1234567.1234567"),
|
Decimal("1234567.1234567"),
|
||||||
|
Decimal("-1234567.1234567"),
|
||||||
None,
|
None,
|
||||||
"1234567",
|
"1234567",
|
||||||
|
"-1234567",
|
||||||
"1234567.12",
|
"1234567.12",
|
||||||
|
"-1234567.12",
|
||||||
|
"the quick brown fox jumped over the lazy dog",
|
||||||
)
|
)
|
||||||
result_list = (
|
result_list = (
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1,000",
|
"1,000",
|
||||||
|
"-1,000",
|
||||||
"10,123",
|
"10,123",
|
||||||
|
"-10,123",
|
||||||
"10,311",
|
"10,311",
|
||||||
|
"-10,311",
|
||||||
"1,000,000",
|
"1,000,000",
|
||||||
|
"-1,000,000",
|
||||||
"1,234,567.25",
|
"1,234,567.25",
|
||||||
|
"-1,234,567.25",
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1,000",
|
"1,000",
|
||||||
|
"-1,000",
|
||||||
"10,123",
|
"10,123",
|
||||||
|
"-10,123",
|
||||||
"10,311",
|
"10,311",
|
||||||
|
"-10,311",
|
||||||
"1,000,000",
|
"1,000,000",
|
||||||
|
"-1,000,000",
|
||||||
"1,234,567.1234567",
|
"1,234,567.1234567",
|
||||||
|
"-1,234,567.1234567",
|
||||||
"1,234,567.1234567",
|
"1,234,567.1234567",
|
||||||
|
"-1,234,567.1234567",
|
||||||
None,
|
None,
|
||||||
"1,234,567",
|
"1,234,567",
|
||||||
|
"-1,234,567",
|
||||||
"1,234,567.12",
|
"1,234,567.12",
|
||||||
|
"-1,234,567.12",
|
||||||
|
"the quick brown fox jumped over the lazy dog",
|
||||||
)
|
)
|
||||||
with translation.override("en"):
|
with translation.override("en"):
|
||||||
self.humanize_tester(test_list, result_list, "intcomma")
|
self.humanize_tester(test_list, result_list, "intcomma")
|
||||||
@ -156,39 +188,71 @@ class HumanizeTests(SimpleTestCase):
|
|||||||
def test_l10n_intcomma(self):
|
def test_l10n_intcomma(self):
|
||||||
test_list = (
|
test_list = (
|
||||||
100,
|
100,
|
||||||
|
-100,
|
||||||
1000,
|
1000,
|
||||||
|
-1000,
|
||||||
10123,
|
10123,
|
||||||
|
-10123,
|
||||||
10311,
|
10311,
|
||||||
|
-10311,
|
||||||
1000000,
|
1000000,
|
||||||
|
-1000000,
|
||||||
1234567.25,
|
1234567.25,
|
||||||
|
-1234567.25,
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1000",
|
"1000",
|
||||||
|
"-1000",
|
||||||
"10123",
|
"10123",
|
||||||
|
"-10123",
|
||||||
"10311",
|
"10311",
|
||||||
|
"-10311",
|
||||||
"1000000",
|
"1000000",
|
||||||
|
"-1000000",
|
||||||
"1234567.1234567",
|
"1234567.1234567",
|
||||||
|
"-1234567.1234567",
|
||||||
Decimal("1234567.1234567"),
|
Decimal("1234567.1234567"),
|
||||||
|
-Decimal("1234567.1234567"),
|
||||||
None,
|
None,
|
||||||
"1234567",
|
"1234567",
|
||||||
|
"-1234567",
|
||||||
"1234567.12",
|
"1234567.12",
|
||||||
|
"-1234567.12",
|
||||||
|
"the quick brown fox jumped over the lazy dog",
|
||||||
)
|
)
|
||||||
result_list = (
|
result_list = (
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1,000",
|
"1,000",
|
||||||
|
"-1,000",
|
||||||
"10,123",
|
"10,123",
|
||||||
|
"-10,123",
|
||||||
"10,311",
|
"10,311",
|
||||||
|
"-10,311",
|
||||||
"1,000,000",
|
"1,000,000",
|
||||||
|
"-1,000,000",
|
||||||
"1,234,567.25",
|
"1,234,567.25",
|
||||||
|
"-1,234,567.25",
|
||||||
"100",
|
"100",
|
||||||
|
"-100",
|
||||||
"1,000",
|
"1,000",
|
||||||
|
"-1,000",
|
||||||
"10,123",
|
"10,123",
|
||||||
|
"-10,123",
|
||||||
"10,311",
|
"10,311",
|
||||||
|
"-10,311",
|
||||||
"1,000,000",
|
"1,000,000",
|
||||||
|
"-1,000,000",
|
||||||
"1,234,567.1234567",
|
"1,234,567.1234567",
|
||||||
|
"-1,234,567.1234567",
|
||||||
"1,234,567.1234567",
|
"1,234,567.1234567",
|
||||||
|
"-1,234,567.1234567",
|
||||||
None,
|
None,
|
||||||
"1,234,567",
|
"1,234,567",
|
||||||
|
"-1,234,567",
|
||||||
"1,234,567.12",
|
"1,234,567.12",
|
||||||
|
"-1,234,567.12",
|
||||||
|
"the quick brown fox jumped over the lazy dog",
|
||||||
)
|
)
|
||||||
with self.settings(USE_THOUSAND_SEPARATOR=False):
|
with self.settings(USE_THOUSAND_SEPARATOR=False):
|
||||||
with translation.override("en"):
|
with translation.override("en"):
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user