#36768: Repetitive string concatenation (in a loop) in File.__iter__
--------------------------------------+------------------------------------
     Reporter:  wooseokdotkim         |                    Owner:  (none)
         Type:  Cleanup/optimization  |                   Status:  new
    Component:  File uploads/storage  |                  Version:
     Severity:  Normal                |               Resolution:
     Keywords:  concatenation         |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+------------------------------------
Changes (by Jacob Walls):

 * keywords:  DoS => concatenation
 * stage:  Unreviewed => Accepted
 * summary:  File.__iter__() Quadratic-time DoS => Repetitive string
     concatenation (in a loop) in File.__iter__
 * type:  Bug => Cleanup/optimization

Comment:

 Thanks for the follow-up.

 > How should I patch it?

 You can just collect and join the strings instead of concatenating them
 during a loop.

 In general, we won't audit the entire project for this pattern, but the
 Security Team's rationale for directing the reporter to Trac was that we
 did have a PoC of a degradation in hand, even if it was outside the bounds
 of what we consider a security issue.

 If you'd like to submit a PR, please set yourself in the owner field.
 Thanks!
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36768#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
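
The collect-and-join approach suggested in the comment, sketched as an added example that is not Django's `File.__iter__` and not code from the ticket. All names are hypothetical, only `\n` is treated as a line terminator, and the `copied` counter is a model of bytes copied rather than a measurement.

```python
import re

# Assumption: only b"\n" ends a line. Each match is a full line or a trailing fragment.
PIECE = re.compile(rb"[^\n]*\n|[^\n]+")

def iter_lines_concat(chunks, stats):
    """Carry-over grows with '+' per chunk: the whole buffer is re-copied each time."""
    buffer_ = b""
    for chunk in chunks:
        for piece in PIECE.findall(chunk):
            if buffer_:
                piece = buffer_ + piece       # O(len(buffer_)) copy, repeated per chunk
                stats["copied"] += len(piece)
                buffer_ = b""
            if piece.endswith(b"\n"):
                yield piece
            else:
                buffer_ = piece
    if buffer_:
        yield buffer_

def iter_lines_join(chunks, stats):
    """Collect fragments in a list and join once per line: each byte is copied once."""
    parts = []
    for chunk in chunks:
        for piece in PIECE.findall(chunk):
            parts.append(piece)
            if piece.endswith(b"\n"):
                line = b"".join(parts)
                stats["copied"] += len(line)
                parts.clear()
                yield line
    if parts:
        line = b"".join(parts)
        stats["copied"] += len(line)
        yield line

def run(iter_fn, chunks):
    """Return (lines, modelled bytes copied) for one iterator over the given chunks."""
    stats = {"copied": 0}
    lines = list(iter_fn(chunks, stats))
    return lines, stats["copied"]

# Constructed input: one 4000-byte line delivered as 1000 four-byte chunks.
LONG_LINE_CHUNKS = [b"x" * 4] * 1000 + [b"\n"]

if __name__ == "__main__":
    for fn in (iter_lines_concat, iter_lines_join):
        lines, copied = run(fn, LONG_LINE_CHUNKS)
        print(fn.__name__, len(lines), "line(s),", copied, "bytes copied")
```

A regression test for a patch can assert on a work counter like this, or on identical output for both variants, instead of on wall-clock timing.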