Fix: patch regex vulnerability in filename handling #7887

asiroliu · 2025-05-27T08:12:54Z

What problem does this PR solve?

Regular Expression Injection leading to Denial of Service (ReDoS)

Type of change

Bug Fix (non-breaking change which fixes an issue)

asiroliu · 2025-05-27T08:22:14Z

Known Issue:
When a filename already contains meaningful parenthesized numbers (e.g., "test(2025).txt"),
the duplicate resolution will incorrectly modify the existing number (e.g., to "test(2026).txt")
rather than following the expected pattern of appending a counter (e.g., "test(2025)(1).txt").

dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. 🐞 bug Something isn't working, pull request that fix bug. labels May 27, 2025

asiroliu added the ci Continue Integration label May 27, 2025

Fix: patch regex vulnerability in filename handling

306e67f

asiroliu force-pushed the security/GHSA-wqq6-x8g9-f7mh_250527 branch from 8cfad21 to 306e67f Compare May 27, 2025 08:19

asiroliu added ci Continue Integration and removed ci Continue Integration labels May 27, 2025

KevinHuSh merged commit ff0e829 into infiniflow:main May 27, 2025
1 check passed

asiroliu deleted the security/GHSA-wqq6-x8g9-f7mh_250527 branch May 27, 2025 08:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix: patch regex vulnerability in filename handling #7887

Fix: patch regex vulnerability in filename handling #7887

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Fix: patch regex vulnerability in filename handling #7887

Fix: patch regex vulnerability in filename handling #7887

Uh oh!

Conversation

What problem does this PR solve?

Type of change

Uh oh!

Uh oh!

Uh oh!

Uh oh!