Actions
Todo #12265
closedImprove uses of ``grep`` which utilize user-supplied patterns
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Description
See #12257 and 57a737f1 for examples
A few things to watch out for:
- Patterns passed to grep based on user-controlled input that should be sanitized.
- Dangerous patterns such as back references (e.g.
\1
) or group repetition(a)*
which are unlikely to be used legitimately and are known sources of problems in grep, leading to a potential DoS due to CPU exhaustion. - Patterns passed to grep which could start with a
-
and be misinterpreted as grep command line parameters, leading to problems like other files being read that shouldn't be. Can be worked around by placing the pattern after--
e.g.grep -- <pattern>
.
Examples of mitigation are in 57a737f1
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset bca881c428cd82315cc35414017844342db630a0.
Updated by Jim Pingle over 3 years ago
- Subject changed from Check usage of grep for potential dangers to Improve uses of ``grep`` which utilize user-supplied patterns
Updating subject for release notes.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01
Updated by Jim Pingle almost 3 years ago
- Status changed from Feedback to Resolved
These have been working better since the changes went in, no sign of side effects thus far either.
Actions