Commit Graph

6 Commits

Author SHA1 Message Date
Soumya Sambu
de8681b4a2 python3-sqlparse: Fix CVE-2024-4340
Passing a heavily nested list to sqlparse.parse() leads to a Denial
of Service due to RecursionError.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4340

Upstream-patch:
b4a39d9850

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-22 19:29:37 -05:00
Narpat Mali
420acd8735 python3-sqlparse: fix for CVE-2023-30608
sqlparse is a non-validating SQL parser module for Python. In affected
versions the SQL parser contains a regular expression that is vulnerable
to ReDoS (Regular Expression Denial of Service). This issue was introduced
by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS).
This issue has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users
are advised to upgrade. There are no known workarounds for this issue.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 13:50:19 -04:00
Leon Anavi
3ae56a340a python3-sqlparse: Upgrade 0.3.1 -> 0.4.1
Upgrade to release 0.4.1:

- Just removed a debug print statement
- Remove support for end-of-life Python 2.7 and 3.4. Python 3.5+
  is now required.
- Remaining strings that only consist of whitespaces are not
  treated as statements anymore. Code that ignored the last
  element from sqlparse.split() should be updated accordingly
  since that function now doesn't return an empty string as the
  last element in some cases.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-16 23:11:58 -07:00
zangrc
1efe4446eb python3-sqlparse: Modify ptest output format
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-27 07:48:46 -07:00
Zang Ruochen
ac867f6fa6 python3-sqlparse: Enable ptest
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-30 11:44:47 -07:00
Changqing Li
41eb6e1a61 python3-sqlparse: change shebang to python3
we have officially dropped python2, so it is possible
that our code runs on a python3-only host, so change
shebang to python3 to avoid error like:
python: command not found

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-09 11:26:36 -07:00