mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.

Browse Source 
Thanks Seokchan Yoon for reports.
This commit is contained in:
Mariusz Felisiak
2023-06-14 12:23:06 +02:00
parent 7eeadc82c2
commit ad0410ec4f
10 changed files with 73 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/validators/tests.py
View File

@@ -106,6 +106,7 @@ VALID_URLS = [
"ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
"ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
"ddddddddddddddddd:password@example.com:8080",
"http://userid:password" + "d" * 2000 + "@example.aaaaaaaaaaaaa.com",
"http://142.42.1.1/",
"http://142.42.1.1:8080/",
"http://➡.ws/䨹",
@@ -236,6 +237,7 @@ INVALID_URLS = [
"aaaaaa.com",
"http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaa",
"http://example." + ("a" * 63 + ".") * 1000 + "com",
"http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaa"
@@ -291,6 +293,7 @@ TEST_DATA = [
(validate_email, "example@%s.%s.atm" % ("a" * 63, "b" * 10), None),
(validate_email, "example@atm.%s" % ("a" * 64), ValidationError),
(validate_email, "example@%s.atm.%s" % ("b" * 64, "a" * 63), ValidationError),
(validate_email, "example@%scom" % (("a" * 63 + ".") * 100), ValidationError),
(validate_email, None, ValidationError),
(validate_email, "", ValidationError),
(validate_email, "abc", ValidationError),