Hanno Böck commited on 2023-03-11 07:33:42
Zeige 3 geänderte Dateien mit 12 Einfügungen und 2 Löschungen.
| ... | ... |
@@ -322,7 +322,8 @@ |
| 322 | 322 |
{
|
| 323 | 323 |
"name": "Wordpress-ACF", |
| 324 | 324 |
"url": "https://www.advancedcustomfields.com/", |
| 325 |
- "safe": "6.0.3,5.12.4", |
|
| 325 |
+ "safe": "6.0.3", |
|
| 326 |
+ "old_safe": "5.12.4", |
|
| 326 | 327 |
"vuln": "https://www.advancedcustomfields.com/blog/acf-6-0-3-release-security-changes-to-the-acf-shortcode-and-ui-improvements/#acf-shortcode", |
| 327 | 328 |
"detection": [ |
| 328 | 329 |
{
|
| ... | ... |
@@ -8,7 +8,7 @@ class TestCodingstyle(unittest.TestCase): |
| 8 | 8 |
def test_codingstyle(): |
| 9 | 9 |
pyfiles = ["freewvs", "update-freewvsdb", "setup.py"] + glob.glob("tests/*.py")
|
| 10 | 10 |
subprocess.run( |
| 11 |
- ["pycodestyle", "--ignore=W503", "--max-line-length=88"] + pyfiles, |
|
| 11 |
+ ["pycodestyle", "--ignore=W503,E501", "--max-line-length=88"] + pyfiles, |
|
| 12 | 12 |
check=True, |
| 13 | 13 |
) |
| 14 | 14 |
subprocess.run(["pyflakes"] + pyfiles, check=True) |
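Review bot: Adding `E501` to `--ignore` makes the `--max-line-length=88` argument on the same line dead, since E501 is the only check that consumes the limit; the test now silently enforces no line-length policy at all. If the intent is to stop failing on long lines, prefer raising the limit rather than suppressing the check, e.g. `["pycodestyle", "--ignore=W503", "--max-line-length=120"] + pyfiles,`; otherwise drop the now-meaningless `--max-line-length` flag so the next reader is not misled. If the check is meant to stay off permanently, a one-line comment above the call saying why (`# E501 ignored: long URLs in the vuln db`, or whatever the real reason is) would document the decision. The enclosing `test_codingstyle` function is shown in full, but its class header lies outside the hunk.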
| ... | ... |
@@ -58,6 +57,15 @@ class TestJsonLint(unittest.TestCase): |
| 58 | 57 |
msg=f"{item['name']}: Invalid vuln {item['vuln']}",
|
| 59 | 58 |
) |
| 60 | 59 |
|
| 60 |
+ # make sure safe is a version |
|
| 61 |
+ if item["safe"] != "": |
|
| 62 |
+ # we have a theoretical reDoS here, but |
|
| 63 |
+ # this is no external data, therefore ok |
|
| 64 |
+ self.assertTrue( |
|
| 65 |
+ re.match(r'^([0-9]+\.)*[0-9]+$', item["safe"]), # noqa: DUO138 |
|
| 66 |
+ msg=f"{item['name']}: Invalid safe version {item['safe']}",
|
|
| 67 |
+ ) |
|
| 68 |
+ |
|
| 61 | 69 |
# make sure old_safe is properly sorted |
| 62 | 70 |
if "old_safe" in item: |
| 63 | 71 |
old_safe = item["old_safe"].split(",")
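Review bot: The new version check uses `re.match` with a `$` anchor, and in Python `$` also matches just before a trailing newline, so a value such as `"6.0.3\n"` passes validation even though it is not a bare version string; this matters because the validated value is later used as data, not just displayed. Replace the call with `re.fullmatch(r'([0-9]+\.)*[0-9]+', item["safe"])` (or anchor with `\Z`) so only a complete version string is accepted. As far as I can see, the mandatory `\.` inside the repeated group forces each iteration to consume a dot, which keeps backtracking linear, so the ReDoS caveat in the added comment is conservative rather than wrong; the `# noqa: DUO138` is therefore fine to keep. The `TestJsonLint` method containing this block starts before the hunk and its `old_safe` handling continues after it.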
|
| 64 | 72 |