author | tv <tv@krebsco.de> | 2016-11-18 15:13:49 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-11-18 15:22:15 +0100 |
commit | cb09a4c34871566cf460e75c9f177b9251858c12 (patch) | |
tree | e2577b5a82f827e421d66f8eea23fc2bef235df4 /krebs/5pkgs | |
parent | d430a1fa40fd10aefa9940609818adbabacb1e60 (diff) |
Reaktor sed-plugin: remove sed script injection
Thanks @waldi for providing a breaking example: s/.\/\/; w /tmp/i
Diffstat (limited to 'krebs/5pkgs')
-rw-r--r-- | krebs/5pkgs/Reaktor/scripts/sed-plugin.py | 20 |
1 files changed, 3 insertions, 17 deletions
diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
index 8103c9585..22b48e59d 100644
--- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
@@ -13,30 +13,16 @@ usr = environ['_from']
 import re
 def is_regex(line):
- myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$')
+ myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$')
 return myre.match(line)
 line = argv[1]
-m = is_regex(line)
-if m:
- f,t,flagstr = m.groups()
- fn = f.replace('\/','/')
- tn = t.replace('\/','/')
- flags = 0
- count = 1
- if flagstr:
- if 'i' in flagstr:
- flags = re.IGNORECASE
- if 'g' in flagstr:
- count = 0
- else:
- flagstr = ''
+if is_regex(line):
 last = d.get(usr,None)
 if last:
- #print(re.sub(fn,tn,last,count=count,flags=flags))
 from subprocess import Popen,PIPE
- p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
+ p = Popen(['sed',line],stdin=PIPE,stdout=PIPE)
 so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
 if p.returncode:
 print("something went wrong when trying to process your regex: {}".format(se.decode())) |
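Review bot: The new pattern in `is_regex` can still disagree with sed about where the `s` command ends, because the `[^/]` alternative also matches a lone backslash. A backslash that is itself escaped and directly followed by `/` is read by the regex as an escaped slash, while sed reads that `/` as the closing delimiter, so the text after it reaches sed as flags or further commands even though the line passed the check. Pairing every backslash with the character it escapes removes the ambiguity: `myre = re.compile(r'^s/(?:\\.|[^/\\])+/(?:\\.|[^/\\])*/[ig]?$')`. As defence in depth, where the installed GNU sed supports it, the call can become `Popen(['sed','--sandbox',line],stdin=PIPE,stdout=PIPE)`, which makes sed reject the `e`, `r` and `w` commands. The `if is_regex(line):` block appears to continue past the end of the hunk.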