SUSE:SLE-15-SP7:GA
File CVE-2024-41810.patch of Package python-Twisted.34941
Index: Twisted-22.10.0/src/twisted/web/_template_util.py =================================================================== --- Twisted-22.10.0.orig/src/twisted/web/_template_util.py +++ Twisted-22.10.0/src/twisted/web/_template_util.py @@ -92,7 +92,7 @@ def redirectTo(URL: bytes, request: IReq </body> </html> """ % { - b"url": URL + b"url": escape(URL.decode("utf-8")).encode("utf-8") } return content Index: Twisted-22.10.0/src/twisted/web/newsfragments/12263.bugfix =================================================================== --- /dev/null +++ Twisted-22.10.0/src/twisted/web/newsfragments/12263.bugfix @@ -0,0 +1 @@ +twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. \ No newline at end of file Index: Twisted-22.10.0/src/twisted/web/newsfragments/9839.bugfix =================================================================== --- /dev/null +++ Twisted-22.10.0/src/twisted/web/newsfragments/9839.bugfix @@ -0,0 +1 @@ +twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). Index: Twisted-22.10.0/src/twisted/web/test/test_util.py =================================================================== --- Twisted-22.10.0.orig/src/twisted/web/test/test_util.py +++ Twisted-22.10.0/src/twisted/web/test/test_util.py @@ -5,7 +5,6 @@ Tests for L{twisted.web.util}. """ - import gc from twisted.internet import defer 
@@ -64,6 +63,44 @@ class RedirectToTests(TestCase): targetURL = "http://target.example.com/4321" self.assertRaises(TypeError, redirectTo, targetURL, request) + def test_legitimateRedirect(self): + """ + Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation + """ + request = DummyRequest([b""]) + html = redirectTo(b"https://twisted.org/", request) + expected = b""" +<html> + <head> + <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/\"> + </head> + <body bgcolor=\"#FFFFFF\" text=\"#000000\"> + <a href=\"https://twisted.org/\">click here</a> + </body> +</html> +""" + self.assertEqual(html, expected) + + def test_maliciousRedirect(self): + """ + Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body + """ + request = DummyRequest([b""]) + html = redirectTo( + b'https://twisted.org/"><script>alert(document.location)</script>', request + ) + expected = b""" +<html> + <head> + <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/"><script>alert(document.location)</script>\"> + </head> + <body bgcolor=\"#FFFFFF\" text=\"#000000\"> + <a href=\"https://twisted.org/"><script>alert(document.location)</script>\">click here</a> + </body> +</html> +""" + self.assertEqual(html, expected) + class ParentRedirectTests(SynchronousTestCase): """
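Review bot: in the `_template_util.py` hunk, `URL.decode("utf-8")` means any non-UTF-8 byte in the URL now raises `UnicodeDecodeError` out of `redirectTo`, which previously accepted arbitrary bytes; either document that this fails closed or decode and re-encode with `errors="surrogateescape"` so odd bytes round-trip. The hunk also does not show where `escape` comes from: confirm this module imports `html.escape` (its default `quote=True` is what turns `"` into `&quot;`, which is required here because the URL lands inside the `content="..."` and `href="..."` attributes) rather than a local helper with different quoting behaviour.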
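Review bot: the new `12263.bugfix` newsfragment is added without a trailing newline (`\ No newline at end of file`); add one so the fragment concatenates cleanly when the release notes are assembled.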
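Review bot: `9839.bugfix` repeats the text of `12263.bugfix` almost word for word; if both issue numbers need a fragment, make one of them a short cross-reference to the other so the rendered changelog does not list the same fix twice.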
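Review bot: the first `test_util.py` hunk only deletes the blank line between the module docstring and `import gc`, which is unrelated to the fix; drop it from the backport to keep the CVE patch minimal (and adjust the `@@ -64,6 +63,44 @@` offsets of the following hunk accordingly), unless it is carried deliberately to match upstream byte for byte.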
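Review bot: in `test_maliciousRedirect`, the expected body as shown here contains the literal `"><script>alert(document.location)</script>` sequence inside the `content=` and `href=` attributes, i.e. the unescaped payload, which contradicts the docstring and would only pass if `redirectTo` did not escape at all. If this is the page rendering `&quot;`, `&lt;` and `&gt;` entities as characters, fine, but verify that the patch file on disk holds the entity-encoded form; adding `self.assertNotIn(b"<script>", html)` would make the test's intent robust against exactly this kind of mangling. Separately, the `test_legitimateRedirect` docstring says legitimate URLs are interpolated "without transformation", but with `html.escape` any `&` query separator in a real URL is rendered as `&amp;`; reword it to say URLs with no HTML-special characters pass through unchanged, and consider a case with a `?a=1&b=2` query to pin down that behaviour.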