[PySecSan] Fix a bug in Regex DoS detector due to typo

google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.

https://google.github.io/oss-fuzz

Apache License 2.0

10.59k stars 2.25k forks source link

[PySecSan] Fix a bug in Regex DoS detector due to typo #12735

Open DaramG opened 2 days ago

DaramG commented 2 days ago

To detect Regex DoS, PySecSan installs pre_hook and post_hook of re.pattern.findall. However, due to typo, it installs hook_pre_exec_re_pattern_findall as pre_hook and post_hook. This leads to failure of detecting Regex DoS bugs.

google-cla[bot] commented 2 days ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

DavidKorczynski commented 2 days ago

/gcbrun skip

DavidKorczynski commented 2 days ago

@DaramG Could you sign the CLA please?

DaramG commented 17 hours ago

I just submitted the CLA. Thanks!