Bennett/g0v0-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(bbcode): fix ReDos vulnerabilities in BBCodeService (#96)

Browse Source 
* fix(bbcode): fix ReDos of imagemap parsing

* fix(bbcode): use `regex` and add timeout to avoid too long time to parse

* feat(bbcode): use `make_tag` to generate HTML tags

* docs(bbcode): add docstrings for BBCodeService

* fix(user): validate BBCode content before processing userpage update

* fix(bbcode): catch timeout errors in BBCode parsing with MaliciousBBCodeError

* fix(bbcode): resolve reviews

* fix(bbcode): use `make_tag` in `_parse_size`

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(bbcode): fix using `make_tag` in `_parse_size`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
MingxuanGame
2025-12-12 19:50:29 +08:00
committed by GitHub
parent 0f51d7a834
commit e0c3e06ffe
5 changed files with 634 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/models/userpage.py
View File

@@ -98,3 +98,12 @@ class ForbiddenTagError(UserpageError):
message = f"Forbidden tag '{tag}' is not allowed."
super().__init__(message, "forbidden_tag")
self.tag = tag
class MaliciousBBCodeError(UserpageError):
"""恶意BBCode错误"""
def __init__(self, detail: str):
message = f"Malicious BBCode detected: {detail}"
super().__init__(message, "malicious_bbcode")
self.detail = detail