mirror of
https://github.com/offa/android-foss.git
synced 2026-04-23 05:36:19 +05:30
fix(security): potential ansi escape sequence injection in termin
In `ensure_sorted.py`, app names are extracted from the README.md file using regex and printed directly to the terminal with ANSI escape codes. If an app name in the README contains crafted ANSI escape sequences, it could manipulate terminal output, potentially hiding malicious content or confusing the CI output (terminal injection).

Affected files: ensure_sorted.py

Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>
parent 56e5f58ce9
commit 50c05d8f98
1 changed files with 1 additions and 0 deletions
@ -23,6 +23,7 @@ class Category:
if len(matches) != 1:
raise RuntimeError("These should be only one match")
app_name = matches[0]
app_name = re.sub(r'\x1b\[[0-9;]*m', '', app_name)
# make it lower case and append it
self.apps.append(app_name.lower())
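Review bot: The pattern in the added `re.sub(r'\x1b\[[0-9;]*m', '', app_name)` line removes only SGR (colour and style) sequences, so an app name can still carry other CSI sequences such as cursor movement or line erase, OSC sequences, and bare control characters like `\r` or `\x08`, which are the ones able to overwrite or hide output as the commit message describes. Since a legitimate app name in the README should contain no control characters at all, consider rejecting the entry rather than silently cleaning it, for example by raising `RuntimeError` alongside the existing `len(matches) != 1` check when `app_name` contains any character below 0x20 or equal to 0x7f, so the CI job fails and the README itself gets corrected. A short comment above the new line saying why the name is sanitised, and a test case with an escape sequence in an app name, would also help.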