@bentiss bentiss commented Nov 5, 2019

This reverts commit 9a262f5.

According to wekan/wekan#2545, this file contains the WannaCry virus.

I understand having a test that ensures a virus is properly scanned is interesting, but I think for the sake of the users, we should not redistribute such a file in a useful tool like this one.


Once we get this merged, could we have a bump of the version?

Owner

Kronuz commented Apr 4, 2020

That looks indeed like a string used by an exploit to trigger an ActiveX control stack buffer overflow on old Windows browsers. The dangerous bits, however, are not there in the JavaScript file, which is the code that used the string to activate a buffer overflow. For sure the person that shared the test was at some point trying to parse the so-called “virus” and that triggered the recursion bug in esprima-python during the concatenation of the multiple escaped unicode characters.

This should not be dangerous in any way, as it’s just a string of unicodes and nothing is done with it. However, I think we could change the content of the file so that it only adds multiple other clear text strings together, which is what the test actually needs. The recursion bug was that esprima-python ran out of stack if we added many objects one after the other in such a way.

Care for a pull request that concatenates together multiple strings instead of deleting the test plz?

@beardypig beardypig mentioned this pull request Apr 6, 2020
@Kronuz Kronuz closed this in #12 Apr 29, 2020
Kronuz added a commit that referenced this pull request Apr 29, 2020
Update recursion test. Fixes #11 and #12
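
The replacement fixture discussed in this thread, sketched as an added example (not code from this pull request or from esprima-python): it generates a JavaScript file that only concatenates clear-text strings, checks that it carries no escapes, and uses a toy left-deep tree walker to show how a long `+` chain exhausts a recursive visitor. All function names, the `chunkN` literals and the toy parser are assumptions made for illustration.

```python
import re
import sys

def make_fixture(terms=5000):
    """JavaScript source that concatenates `terms` clear-text strings."""
    parts = ['"chunk%d"' % i for i in range(terms)]
    return "var s = " + " + ".join(parts) + ";\n"

def is_clear_text(source):
    """True if the fixture is printable ASCII with no backslash escapes."""
    printable = all(32 <= ord(c) < 127 or c == "\n" for c in source)
    return printable and "\\" not in source

def parse_concat(source):
    """Toy parser: fold `a + b + c` into a left-deep tree ((a + b) + c)."""
    tree = None
    for lit in re.findall(r'"([^"]*)"', source):
        tree = lit if tree is None else ("+", tree, lit)
    return tree

def eval_recursive(node):
    """Naive walker: one Python frame per `+`, so depth grows with term count."""
    if isinstance(node, str):
        return node
    return eval_recursive(node[1]) + eval_recursive(node[2])

def eval_iterative(node):
    """Same result with an explicit loop, independent of nesting depth."""
    right = []
    while not isinstance(node, str):
        right.append(node[2])
        node = node[1]
    return node + "".join(reversed(right))

def recursion_fails(tree, limit=1000):
    """Run the naive walker under a fixed recursion limit; report overflow."""
    old = sys.getrecursionlimit()
    sys.setrecursionlimit(limit)
    try:
        eval_recursive(tree)
        return False
    except RecursionError:
        return True
    finally:
        sys.setrecursionlimit(old)

if __name__ == "__main__":
    tree = parse_concat(make_fixture())
    print(is_clear_text(make_fixture()), recursion_fails(tree), len(eval_iterative(tree)))
```

A fixture built this way exercises the same deep-nesting path without shipping any bytes derived from a malware sample, so antivirus scanners have nothing to match on.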