Fix asteris emphasis regex CVE-2022-34749

lepture · Jul 1, 2022 · a6d4321 · a6d4321
1 parent 5638e46
commit a6d4321
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 16 deletions.
diff --git a/mistune/inline_parser.py b/mistune/inline_parser.py
@@ -64,8 +64,8 @@ class InlineParser(ScannerParser):
  #: _emphasis_ __strong__
  ASTERISK_EMPHASIS = (
  r'(\*{1,2})(?=[^\s*])('
- r'(?:\\[\\*]|[^*])*'
- r'(?:' + ESCAPE_TEXT + r'|[^\s*]))\1'
+ r'(?:(?:(?<!\\)(?:\\\\)*\*)|[^*])+'
+ r')(?<!\\)\1'
  )
  UNDERSCORE_EMPHASIS = (
  r'\b(_{1,2})(?=[^\s_])([\s\S]*?'

diff --git a/tests/fixtures/non-commonmark.txt b/tests/fixtures/non-commonmark.txt
@@ -12,12 +12,6 @@
 <p>[link [foo [bar]]](/uri)</p>
 ````````````````````````````````
 
-```````````````````````````````` example
-[link *foo **bar** `#`*](/uri)
-.
-<p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p>
-````````````````````````````````
-
 ```````````````````````````````` example
 [foo [bar](/uri)](/uri)
 .
@@ -48,14 +42,6 @@
 <p><a href="uri">foo&lt;http://example.com/?search=</a>&gt;</p>
 ````````````````````````````````
 
-```````````````````````````````` example
-[link *foo **bar** `#`*][ref]
-
-[ref]: /uri
-.
-<p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p>
-````````````````````````````````
-
 ```````````````````````````````` example
 [foo [bar](/uri)][ref]