packages/python-pygments
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!45 [sync] PR-44: fix CVE-2022-40896

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @licihua 
Signed-off-by: @licihua
This commit is contained in:
openeuler-ci-bot 2023-07-31 03:41:52 +00:00 committed by Gitee
commit 9a46e0c3b5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
backport-CVE-2022-40896.patch Normal file
View File

@ -0,0 +1,119 @@
From dd52102c38ebe78cd57748e09f38929fd283ad04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matth=C3=A4us=20G=2E=20Chajdas?= <dev@anteru.net>
Date: Sat, 31 Dec 2022 16:29:56 +0100
Subject: [PATCH] Improve the Smithy metadata matcher.
Previously, metadata foo bar baz = 23 was accepted, but according to
the definition https://smithy.io/2.0/spec/idl.html#grammar-token-smithy-MetadataSection
it should be "metadata"<whitespace>Identifier/String<optional whitespace>.
---
pygments/lexers/smithy.py | 5 +-
tests/examplefiles/smithy/test.smithy | 12 +++++
tests/examplefiles/smithy/test.smithy.output | 52 ++++++++++++++++++++
3 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/pygments/lexers/smithy.py b/pygments/lexers/smithy.py
index 5f2f76cd..69b576e4 100644
--- a/pygments/lexers/smithy.py
+++ b/pygments/lexers/smithy.py
@@ -56,8 +56,9 @@ class SmithyLexer(RegexLexer):
(words(aggregate_shapes,
prefix=r'^', suffix=r'(\s+' + identifier + r')'),
bygroups(Keyword.Declaration, Name.Class)),
- (r'^(metadata)(\s+.+)(\s*)(=)',
- bygroups(Keyword.Declaration, Name.Class, Whitespace, Name.Decorator)),
+ (r'^(metadata)(\s+)((?:\S+)|(?:\"[^"]+\"))(\s*)(=)',
+ bygroups(Keyword.Declaration, Whitespace, Name.Class,
+ Whitespace, Name.Decorator)),
(r"(true|false|null)", Keyword.Constant),
(r"(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)", Number),
(identifier + ":", Name.Label),
diff --git a/tests/examplefiles/smithy/test.smithy b/tests/examplefiles/smithy/test.smithy
index 3d20f064..9317fee9 100644
--- a/tests/examplefiles/smithy/test.smithy
+++ b/tests/examplefiles/smithy/test.smithy
@@ -2,6 +2,18 @@ $version: "1.0"
namespace test
+metadata "foo" = ["bar", "baz"]
+metadata validators = [
+ {
+ name: "ValidatorName"
+ id: "ValidatorId"
+ message: "Some string"
+ configuration: {
+ selector: "operation"
+ }
+ }
+]
+
/// Define how an HTTP request is serialized given a specific protocol,
/// authentication scheme, and set of input parameters.
@trait(selector: "operation")
diff --git a/tests/examplefiles/smithy/test.smithy.output b/tests/examplefiles/smithy/test.smithy.output
index 1f224897..db44a381 100644
--- a/tests/examplefiles/smithy/test.smithy.output
+++ b/tests/examplefiles/smithy/test.smithy.output
@@ -7,6 +7,58 @@
' test' Name.Class
'\n\n' Text.Whitespace
+'metadata' Keyword.Declaration
+' ' Text.Whitespace
+'"foo"' Name.Class
+' ' Text.Whitespace
+'=' Name.Decorator
+' ' Text.Whitespace
+'[' Text
+'"bar"' Literal.String.Double
+',' Punctuation
+' ' Text.Whitespace
+'"baz"' Literal.String.Double
+']' Text
+'\n' Text.Whitespace
+
+'metadata' Keyword.Declaration
+' ' Text.Whitespace
+'validators' Name.Class
+' ' Text.Whitespace
+'=' Name.Decorator
+' ' Text.Whitespace
+'[' Text
+'\n ' Text.Whitespace
+'{' Text
+'\n ' Text.Whitespace
+'name:' Name.Label
+' ' Text.Whitespace
+'"ValidatorName"' Literal.String.Double
+'\n ' Text.Whitespace
+'id:' Name.Label
+' ' Text.Whitespace
+'"ValidatorId"' Literal.String.Double
+'\n ' Text.Whitespace
+'message:' Name.Label
+' ' Text.Whitespace
+'"Some string"' Literal.String.Double
+'\n ' Text.Whitespace
+'configuration:' Name.Label
+' ' Text.Whitespace
+'{' Text
+'\n ' Text.Whitespace
+'selector:' Name.Label
+' ' Text.Whitespace
+'"operation"' Literal.String.Double
+'\n ' Text.Whitespace
+'}' Text
+'\n ' Text.Whitespace
+'}' Text
+'\n' Text.Whitespace
+
+']' Text
+'\n\n' Text.Whitespace
+
'/// Define how an HTTP request is serialized given a specific protocol,' Comment.Multiline
'\n' Text.Whitespace
--
2.39.1

10
python-pygments.spec
View File

@ -17,7 +17,7 @@ need to prettify source code. Highlights are: \
Name: python-pygments Name: python-pygments
Summary: Syntax highlighting engine written in Python Summary: Syntax highlighting engine written in Python
Version: 2.10.0 Version: 2.10.0
Release: 3 Release: 4
License: BSD License: BSD
URL: http://pygments.org/ URL: http://pygments.org/
Source0: https://pypi.org/packages/source/P/Pygments/Pygments-%{version}.tar.gz Source0: https://pypi.org/packages/source/P/Pygments/Pygments-%{version}.tar.gz
@ -25,6 +25,8 @@ Source0: https://pypi.org/packages/source/P/Pygments/Pygments-%{version}.
Patch0: 0001-fixed-typo.patch Patch0: 0001-fixed-typo.patch
Patch1: 0001-Fix-do-concurrent-and-go-to-keywords-in-the-Fortran-.patch Patch1: 0001-Fix-do-concurrent-and-go-to-keywords-in-the-Fortran-.patch
Patch6000: backport-CVE-2022-40896.patch
BuildArch: noarch BuildArch: noarch
%description %description
@ -81,6 +83,12 @@ make test
%endif %endif
%changelog %changelog
* Wed Jul 26 2023 zhuofeng <zhuofeng2@huawei.com> - 2.10.0-4
- Type:CVE
- CVE:CVE-2022-40896
- SUG:NA
- DESC:fix CVE-2022-40896
* Wed Jan 18 2023 caofei <caofei@xfusion.com> - 2.10.0-3 * Wed Jan 18 2023 caofei <caofei@xfusion.com> - 2.10.0-3
- Fix "do concurrent" and "go to" keywords in the Fortran - Fix "do concurrent" and "go to" keywords in the Fortran