Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PySecSan] Fix a bug in Regex DoS detector due to typo #12735

Merged
merged 1 commit into from
Nov 25, 2024
Merged

[PySecSan] Fix a bug in Regex DoS detector due to typo #12735

merged 1 commit into from
Nov 25, 2024

Conversation

DaramG
Copy link
Contributor

@DaramG DaramG commented Nov 20, 2024

To detect Regex DoS, PySecSan installs pre_hook and post_hook of re.pattern.findall.
However, due to typo, it installs hook_pre_exec_re_pattern_findall as pre_hook and post_hook.
This leads to failure of detecting Regex DoS bugs.

@google-cla Google CLA
Copy link

google-cla bot commented Nov 20, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

DavidKorczynski
DavidKorczynski reviewed Nov 20, 2024
View reviewed changes
Copy link
Collaborator

@DavidKorczynski DavidKorczynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch! I will double test this through tomorrow

@DavidKorczynski
Copy link
Collaborator

/gcbrun skip

DavidKorczynski
DavidKorczynski approved these changes Nov 20, 2024
View reviewed changes
Copy link
Collaborator

@DavidKorczynski DavidKorczynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot!

@DavidKorczynski
Copy link
Collaborator

@DaramG Could you sign the CLA please?

@DaramG
Copy link
Contributor Author

DaramG commented Nov 22, 2024

I just submitted the CLA.
Thanks!

shahsb
shahsb approved these changes Nov 25, 2024
View reviewed changes
Copy link

@shahsb shahsb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@DavidKorczynski
Copy link
Collaborator

I just submitted the CLA. Thanks!

you sure? it doesn't come up

@DavidKorczynski
Copy link
Collaborator

looks good

@DavidKorczynski DavidKorczynski merged commit 2cc80a4 into google:master Nov 25, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shahsb shahsb shahsb approved these changes

@DavidKorczynski DavidKorczynski DavidKorczynski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DaramG @DavidKorczynski @shahsb