From c475bef963b535f7e93f70779eb5952f511ea042 Mon Sep 17 00:00:00 2001 From: monsieurswag Date: Fri, 17 May 2024 12:58:36 +0200 Subject: [PATCH] Restrict the URN end characters to relatively safe ASCII characters --- backend/library/utils.py | 3 +-- frontend/src/lib/utils/constants.ts | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/backend/library/utils.py b/backend/library/utils.py index 464d1924d..faa71cc9c 100644 --- a/backend/library/utils.py +++ b/backend/library/utils.py @@ -28,8 +28,7 @@ logger = structlog.get_logger(__name__) -URN_REGEX = r"^urn:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)(?::([a-zA-Z0-9_-]+))?:(\S+)$" - +URN_REGEX = r"^urn:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)(?::([a-zA-Z0-9_-]+))?:([0-9A-Za-z\[\]\(\)\-\._:]+)$" def match_urn(urn_string): match = re.match(URN_REGEX, urn_string) diff --git a/frontend/src/lib/utils/constants.ts b/frontend/src/lib/utils/constants.ts index df3a93e92..afe68ab81 100644 --- a/frontend/src/lib/utils/constants.ts +++ b/frontend/src/lib/utils/constants.ts @@ -37,7 +37,7 @@ export const UUID_REGEX = '([0-9a-f]{8}\\-[0-9a-f]{4}\\-[0-9a-f]{4}\\-[0-9a-f]{4 export const UUID_LIST_REGEX = new RegExp(`^${UUID_REGEX}(,${UUID_REGEX})*$`); export const URN_REGEX = - /^urn:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)(?::([a-zA-Z0-9_-]+))?:(\S+)$/; + /^urn:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)(?::([a-zA-Z0-9_-]+))?:([0-9A-Za-z\[\]\(\)\-\._:]+)$/; export const LOCALE_DISPLAY_MAP = { en: '🇬🇧 English',