File CVE-2019-19450-code-inj-paraparser.patch of Package python-reportlab
# HG changeset patch
# User robin
# Date 1571472620 -3600
# Node ID b117091a73c2ef71dee9eacf23db50fc7031989b
# Parent f8ec5d88933b0531da77702faa31075805e25aa2
paraparser fix contributed by ravi prakash giri <raviprakashgiri@gmail.com>; version --> 3.5.31
---
 src/reportlab/platypus/paraparser.py | 7 +++++--
 tests/test_platypus_paragraphs.py | 10 +++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)
--- a/src/reportlab/platypus/paraparser.py
+++ b/src/reportlab/platypus/paraparser.py
@@ -841,8 +841,11 @@ class ParaParser(HTMLParser):
 v = '\0'
 elif 'code' in attr:
 try:
- v = int(eval(attr['code']))
- v = chr(v) if isPy3 else unichr(v)
+ v = attr['code'].lower()
+ if v.startswith('0x'):
+ v = int(v,16)
+ else:
+ v = int(v,0) #treat as a python literal would be
 except:
 self._syntax_error('<unichar/> invalid code attribute %s' % ascii(attr['code']))
 v = '\0'
--- a/tests/test_platypus_paragraphs.py
+++ b/tests/test_platypus_paragraphs.py
@@ -7,6 +7,7 @@ from reportlab.lib.testutils import setO
 setOutDir(__name__)
 import sys, os, unittest
 from operator import truth
+from reportlab.pdfgen.canvas import Canvas
 from reportlab.pdfbase.pdfmetrics import stringWidth, registerFont, registerFontFamily
 from reportlab.pdfbase.ttfonts import TTFont
 from reportlab.platypus.paraparser import ParaParser
@@ -107,7 +108,6 @@ class ParagraphCorners(unittest.TestCase
 def test3(self):
 '''compare CJK splitting in some edge cases'''
- from reportlab.pdfgen.canvas import Canvas
 from reportlab.platypus.paragraph import Paragraph
 from reportlab.lib.styles import ParagraphStyle
 from reportlab.pdfbase import pdfmetrics
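Review bot: In the `paraparser.py` hunk (`@@ -841,8 +841,11 @@`) the success path now leaves `v` as an `int`, while the `except` branch still assigns the string `'\0'`; the removed `v = chr(v) if isPy3 else unichr(v)` has no replacement on the new side. Unless the conversion happens further down in the method (its body starts and ends outside the hunk), a valid numeric code would reach whatever consumes `v` as a number rather than a character. I would keep `v = chr(v) if isPy3 else unichr(v)` as the last statement inside the `try`, so that out-of-range code points are also reported through `_syntax_error`. Separately, `int(v,0)` already accepts the `0x` prefix, so the `startswith('0x')` branch looks redundant, and the bare `except:` could probably be narrowed to `except (ValueError, OverflowError):` so unrelated errors are not reported as a bad attribute.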
@@ -584,6 +584,14 @@ phonemic and <u>morphological</u> <strik
 doc = MyDocTemplate(outputfile('test_platypus_paragraphs_autoleading.pdf'))
 doc.build(story)
+ def test_unicharCodeSafety(self):
+ """test a bug reported by ravi prakash giri <raviprakashgiri@gmail.com>"""
+ normal = getSampleStyleSheet()['BodyText']
+ self.assertRaises(Exception,Paragraph,
+ """<unichar code="open('/tmp/test.txt','w').write('Hello from unichar')"/>""",
+ normal)
+
+
 class JustifyTestCase(unittest.TestCase):
 "Test justification of paragraphs."
 def testUl(self):
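Review bot: `test_unicharCodeSafety` only asserts that constructing the `Paragraph` raises `Exception`; it never checks that the attribute value was not executed, which is the property the fix is meant to guarantee. Because the parser wraps the conversion in a bare `except:` that ends in `_syntax_error`, an implementation that still evaluated the attribute could also end in an exception (for example when the evaluated result is not something `int()` accepts), and this assertion would pass after the side effect had already happened. I would remove any stale `/tmp/test.txt` before the call and add `self.assertFalse(os.path.exists('/tmp/test.txt'))` after the `assertRaises`; `os` is already imported at the top of this test module. Asserting a narrower exception type than `Exception` would additionally keep an unrelated failure from satisfying the test.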