32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From b23759fa6498f200f7557d40264515d8cf41cb1d Mon Sep 17 00:00:00 2001
|
|
From: changtao <changtao@kylinos.cn>
|
|
Date: Sun, 15 Dec 2024 11:59:30 +0800
|
|
Subject: [PATCH] fix CVE-2024-56326
|
|
|
|
---
|
|
Jinja2-2.11.2/tests/test_security.py | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/Jinja2-2.11.2/tests/test_security.py b/Jinja2-2.11.2/tests/test_security.py
|
|
index 2e2af69..0d3e60c 100644
|
|
--- a/Jinja2-2.11.2/tests/test_security.py
|
|
+++ b/Jinja2-2.11.2/tests/test_security.py
|
|
@@ -179,12 +179,12 @@ class TestStringFormat(object):
|
|
|
|
def test_safe_format_safety(self):
|
|
env = SandboxedEnvironment()
|
|
- t = env.from_string('{{ ("a{0.__class__}b{1}"|safe).format(42, "<foo>") }}')
|
|
+ t = env.from_string('{{ ("a{0}b{1}"|safe).format("", "<foo>") }}')
|
|
assert t.render() == "ab<foo>"
|
|
|
|
def test_safe_format_all_okay(self):
|
|
env = SandboxedEnvironment()
|
|
- t = env.from_string('{{ ("a{0.foo}b{1}"|safe).format({"foo": 42}, "<foo>") }}')
|
|
+ t = env.from_string('{{ ("a{0[foo]}b{1}"|safe).format({"foo": 42}, "<foo>") }}')
|
|
assert t.render() == "a42b<foo>"
|
|
|
|
|
|
--
|
|
2.43.0
|
|
|