From 9a73f2a80e5cf869d473ddcbfceaab229fb99b5e Mon Sep 17 00:00:00 2001
From: Narpat Mali <narpat.mali@windriver.com>
Date: Mon, 28 Aug 2023 15:04:14 +0000
Subject: [PATCH] SQL+Jinja: use a simpler regex in analyse_text
Fixes catastrophic backtracking
Fixes #2355
CVE: CVE-2022-40896
Upstream-Status: Backport [https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
---
CHANGES | 1 +
pygments/lexers/templates.py | 6 +-----
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index 2aa54fa..4c84fa6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -61,6 +61,7 @@ Version 2.14.0
* Spice: Add ``enum`` keyword and fix a bug regarding binary,
hexadecimal and octal number tokens (#2227)
* YAML: Accept colons in key names (#2277)
+ * SQL+Jinja (``analyse_text`` method): fix catastrophic backtracking [Backported]
- Fix `make mapfiles` when Pygments is not installed in editable mode
(#2223)
diff --git a/pygments/lexers/templates.py b/pygments/lexers/templates.py
index 1fcf708..1066294 100644
--- a/pygments/lexers/templates.py
+++ b/pygments/lexers/templates.py
@@ -2291,10 +2291,6 @@ class SqlJinjaLexer(DelegatingLexer):
if re.search(r'\{\{\s*source\(.*\)\s*\}\}', text):
rv += 0.25
# Jinja macro
- if re.search(
- r'\{%-?\s*macro \w+\(.*\)\s*-?%\}\s+.*\s+\{%-?\s*endmacro\s*-?%\}',
- text,
- re.S,
- ):
+ if re.search(r'\{%-?\s*macro \w+\(.*\)\s*-?%\}', text):
rv += 0.15
return rv
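Review bot: The simplified macro pattern in `analyse_text` carries no comment recording why it stops at the opening tag, and the diffstat lists only CHANGES and templates.py, so no regression test accompanies the fix. Dropping `re.S` and the trailing `\s+.*\s+\{%-?\s*endmacro\s*-?%\}` is what bounds the remaining `.*` to a single line, so I would put `# Match only the opening macro tag; spanning to endmacro with re.S backtracked catastrophically (CVE-2022-40896).` above the `re.search` call to keep the longer form from being reintroduced. A test that runs `SqlJinjaLexer.analyse_text` on a large input and asserts that it returns promptly would pin the behaviour, since lexer guessing runs on arbitrary text. The function starts outside the hunk, so whether its earlier checks use the same `.*` shape as the `source(` line shown as context cannot be judged from here.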
--
2.40.0