Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
python-Twisted.34943
CVE-2024-41810.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2024-41810.patch of Package python-Twisted.34943
Index: Twisted-19.10.0/src/twisted/web/newsfragments/12263.bugfix =================================================================== --- /dev/null +++ Twisted-19.10.0/src/twisted/web/newsfragments/12263.bugfix @@ -0,0 +1 @@ +twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. \ No newline at end of file Index: Twisted-19.10.0/src/twisted/web/newsfragments/9839.bugfix =================================================================== --- /dev/null +++ Twisted-19.10.0/src/twisted/web/newsfragments/9839.bugfix @@ -0,0 +1 @@ +twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). Index: Twisted-19.10.0/src/twisted/web/test/test_util.py =================================================================== --- Twisted-19.10.0.orig/src/twisted/web/test/test_util.py +++ Twisted-19.10.0/src/twisted/web/test/test_util.py @@ -59,6 +59,44 @@ class RedirectToTests(TestCase): self.assertRaises(TypeError, redirectTo, targetURL, request) + def test_legitimateRedirect(self): + """ + Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation + """ + request = DummyRequest([b""]) + html = redirectTo(b"https://twisted.org/", request) + expected = b""" +<html> + <head> + <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/\"> + </head> + <body bgcolor=\"#FFFFFF\" text=\"#000000\"> + <a href=\"https://twisted.org/\">click here</a> + </body> +</html> +""" + self.assertEqual(html, expected) + + def test_maliciousRedirect(self): + """ + Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body + """ + request = DummyRequest([b""]) + html = redirectTo( + b'https://twisted.org/"><script>alert(document.location)</script>', request + ) + expected = b""" +<html> + <head> + <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/"><script>alert(document.location)</script>\"> + </head> + <body bgcolor=\"#FFFFFF\" text=\"#000000\"> + <a href=\"https://twisted.org/"><script>alert(document.location)</script>\">click here</a> + </body> +</html> +""" + self.assertEqual(html, expected) + class FailureElementTests(TestCase): """ Index: Twisted-19.10.0/src/twisted/web/util.py =================================================================== --- Twisted-19.10.0.orig/src/twisted/web/util.py +++ Twisted-19.10.0/src/twisted/web/util.py @@ -70,7 +70,7 @@ def redirectTo(URL, request): <a href=\"%(url)s\">click here</a> </body> </html> -""" % {'url': nativeString(URL)} +""" % {'url': nativeString(escape(URL))} if _PY3: content = content.encode("utf8") return content
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
