Merge pull request #81 from aguzererler/fix-is-empty-dos-vulnerability-11032456762221174271

This commit is contained in:
ahmet guzererler 2026-03-22 06:49:05 +01:00 committed by GitHub
commit f293f6447c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 6 deletions

View File

@ -899,8 +899,6 @@ def extract_content_string(content):
"""Extract string content from various message formats.
Returns None if no meaningful text content is found.
"""
import ast
def is_empty(val):
"""Check if value is empty using Python's truthiness."""
if val is None or val == "":
@ -909,10 +907,11 @@ def extract_content_string(content):
s = val.strip()
if not s:
return True
try:
return not bool(ast.literal_eval(s))
except (ValueError, SyntaxError):
return False # Can't parse = real text
# Check for common string representations of "empty" values
# to avoid using unsafe ast.literal_eval
if s.lower() in ("[]", "{}", "()", "none", "false", "0", "0.0", '""', "''"):
return True
return False
return not bool(val)
if is_empty(content):