Actions
Todo #12265
closed
Improve uses of ``grep`` which utilize user-supplied patterns
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Description
See #12257 and 57a737f1 for examples
A few things to watch out for:
- Patterns passed to grep based on user-controlled input that should be sanitized.
- Dangerous patterns such as back references (e.g.
\1) or group repetition(a)*which are unlikely to be used legitimately and are known sources of problems in grep, leading to a potential DoS due to CPU exhaustion. - Patterns passed to grep which could start with a
-and be misinterpreted as grep command line parameters, leading to problems like other files being read that shouldn't be. Can be worked around by placing the pattern after--e.g.grep -- <pattern>.
Examples of mitigation are in 57a737f1
Updated by
Actions