summaryrefslogtreecommitdiff
path: root/tests/utils_tests
diff options
context:
space:
mode:
authorAdam Johnson <me@adamj.eu>2024-06-24 15:30:59 +0200
committerNatalia <124304+nessita@users.noreply.github.com>2024-07-09 09:42:12 -0300
commit44aef996c8d723198e89ca834cb1d746e2e72d77 (patch)
tree4ab9dc5395942482de8294257568f388ab3b94bd /tests/utils_tests
parent79246129f706d3fcedfb565d75c2e7df09fc496f (diff)
[5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Diffstat (limited to 'tests/utils_tests')
-rw-r--r--tests/utils_tests/test_html.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index ad31b8cc5b..9fe782ed2f 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -352,6 +352,13 @@ class TestUtilsHtml(SimpleTestCase):
"foo@.example.com",
"foo@localhost",
"foo@localhost.",
+ # trim_punctuation catastrophic tests
+ "(" * 100_000 + ":" + ")" * 100_000,
+ "(" * 100_000 + "&:" + ")" * 100_000,
+ "([" * 100_000 + ":" + "])" * 100_000,
+ "[(" * 100_000 + ":" + ")]" * 100_000,
+ "([[" * 100_000 + ":" + "]])" * 100_000,
+ "&:" + ";" * 100_000,
)
for value in tests:
with self.subTest(value=value):