authorTim Graham <timograham@gmail.com>2018-02-24 11:30:11 -0500
committerTim Graham <timograham@gmail.com>2018-03-06 08:30:40 -0500
commit8618271caa0b09daba39ff3b46567d33ae1e1d3a (patch)
tree7ab34be3a2f6fc817df21d21daeaff35630767a2 /tests/utils_tests
parent4d2a2c83c7e8171522469908e8be8342ccb02052 (diff)
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
Diffstat (limited to 'tests/utils_tests')
-rw-r--r--tests/utils_tests/test_html.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 4f0cc8d459..cce29c3fcd 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -253,3 +253,12 @@ class TestUtilsHtml(SimpleTestCase):
for value, output in tests:
with self.subTest(value=value):
self.assertEqual(urlize(value), output)
+
+ def test_urlize_unchanged_inputs(self):
+ tests = (
+ ('a' + '@a' * 50000) + 'a', # simple_email_re catastrophic test
+ ('a' + '.' * 1000000) + 'a', # trailing_punctuation catastrophic test
+ )
+ for value in tests:
+ with self.subTest(value=value):
+ self.assertEqual(urlize(value), value)
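Review bot: In `test_urlize_unchanged_inputs`, `self.subTest(value=value)` passes inputs of about 100,000 and 1,000,000 characters as the subtest parameter, so a failing case would print the whole string in the test report. A short label such as `with self.subTest(length=len(value)):` keeps the output readable while still identifying the case. The method also asserts only that the output equals the input, so a return of the backtracking behaviour would likely show up as a very slow or hung run rather than an assertion failure. A one-line docstring such as `"""Inputs that triggered catastrophic backtracking (CVE-2018-7536) must return quickly and unchanged."""` would tell the next maintainer why a stalled run here matters.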