From 45ff8eabe0363f829c397372aefc3b23aeb135b3 Mon Sep 17 00:00:00 2001 From: Narpat Mali Date: Tue, 29 Aug 2023 10:45:34 +0000 Subject: [PATCH] Improve Java properties lexer (#2404) Use special lexer rules for escapes; fixes catastrophic backtracking, and highlights them too. Fixes #2356 CVE: CVE-2022-40896 Upstream-Status: Backport [https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52] Signed-off-by: Narpat Mali --- pygments/lexers/configs.py | 50 +++++--- tests/examplefiles/properties/java.properties | 11 ++ .../properties/java.properties.output | 110 +++++++++++++++--- .../test_escaped_space_in_value.txt | 4 +- .../properties/test_just_key_with_space.txt | 4 +- 5 files changed, 143 insertions(+), 36 deletions(-) diff --git a/pygments/lexers/configs.py b/pygments/lexers/configs.py index e04c722..b28b56a 100644 --- a/pygments/lexers/configs.py +++ b/pygments/lexers/configs.py @@ -129,26 +129,42 @@ class PropertiesLexer(RegexLexer): tokens = { 'root': [ - (r'\s+', Whitespace), + # comments (r'[!#].*|/{2}.*', Comment.Single), - # search for first separator - (r'([^\\\n]|\\.)*?(?=[ \f\t=:])', Name.Attribute, "separator"), - # empty key - (r'.+?$', Name.Attribute), + # ending a comment or whitespace-only line + (r'\n', Whitespace), + # eat whitespace at the beginning of a line + (r'^[^\S\n]+', Whitespace), + # start lexing a key + default('key'), ], - 'separator': [ - # search for line continuation escape - (r'([ \f\t]*)([=:]*)([ \f\t]*)(.*(?