Merge pull request #81 from aguzererler/fix-is-empty-dos-vulnerability-11032456762221174271

2026-03-22 06:49:05 +01:00 · 2026-03-22 06:49:05 +01:00 · f293f6447c
parent 26bbe853c1 2192a32d03
commit f293f6447c
1 changed files with 5 additions and 6 deletions
--- a/cli/main.py
+++ b/cli/main.py
@ -899,8 +899,6 @@ def extract_content_string(content):
    """Extract string content from various message formats.
    Returns None if no meaningful text content is found.
    """
-    import ast
-
    def is_empty(val):
        """Check if value is empty using Python's truthiness."""
        if val is None or val == "":
@ -909,10 +907,11 @@ def extract_content_string(content):
            s = val.strip()
            if not s:
                return True
-            try:
-                return not bool(ast.literal_eval(s))
-            except (ValueError, SyntaxError):
-                return False  # Can't parse = real text
+            # Check for common string representations of "empty" values
+            # to avoid using unsafe ast.literal_eval
+            if s.lower() in ("[]", "{}", "()", "none", "false", "0", "0.0", '""', "''"):
+                return True
+            return False
        return not bool(val)

    if is_empty(content):