Prevent potential ReDoS attack

Although the logic is used to parse a config value, it'd be better to eliminate a risk. Change-Id: Id30a69071ef9c3877f3153b95ee2d00d08c17921
2024-02-13 09:39:38 +09:00 · 2024-02-13 09:39:38 +09:00 · b389cb5e93
commit b389cb5e93
parent fe74dae2fe
1 changed files with 2 additions and 2 deletions
--- a/taskflow/jobs/backends/impl_redis.py
+++ b/taskflow/jobs/backends/impl_redis.py
@ -562,11 +562,11 @@ return cmsgpack.pack(result)
    @classmethod
    def _parse_sentinel(cls, sentinel):
        # IPv6 (eg. [::1]:6379 )
-        match = re.search(r'\[(\S+)\]:(\d+)', sentinel)
+        match = re.search(r'^\[(\S+)\]:(\d+)$', sentinel)
        if match:
            return (match[1], int(match[2]))
        # IPv4 or hostname (eg. 127.0.0.1:6379 or localhost:6379)
-        match = re.search(r'(\S+):(\d+)', sentinel)
+        match = re.search(r'^(\S+):(\d+)$', sentinel)
        if match:
            return (match[1], int(match[2]))
        raise ValueError('Malformed sentinel server format')