CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

fix: [paste_submit] restrict source characters

pull/569/head
Terrtia 2021-05-31 15:31:41 +02:00
parent a2ebd09c2a
commit d4829273c5
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
var/www/modules/PasteSubmit/Flask_PasteSubmit.py
View File

@ -7,6 +7,7 @@
##################################
# Import External packages
##################################
import re
import os
import sys
import json
@ -278,12 +279,18 @@ def submit():
paste_content = request.form['paste_content']
paste_source = request.form['paste_source']
if paste_source:
# limit source length
paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']:
content = f'Invalid source'
logger.info(paste_source)
return content, 400
paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']:
content = f'Invalid source'
logger.info(paste_source)
return content, 400
if not re.match('^[0-9a-zA-Z-_\+@#&\.;=:!]*$', paste_source):
content = f'Invalid source name: Forbidden character(s)'
logger.info(content)
return content, 400
is_file = False
if 'file' in request.files: