From 2b480e6b55e1b88f620f5f0931e75ea15da98220 Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Wed, 21 Apr 2021 22:41:34 +0200
Subject: [PATCH] Block weird search queries

---
 scipost/forms.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scipost/forms.py b/scipost/forms.py
index 58279b0c7..5c0ea177d 100644
--- a/scipost/forms.py
+++ b/scipost/forms.py
@@ -4,6 +4,7 @@ __license__ = "AGPL v3"
 
 import datetime
 import pyotp
+import re
 
 from django import forms
 from django.contrib.auth import authenticate
@@ -701,6 +702,10 @@ class SearchForm(HayStackSearchForm):
         if not self.cleaned_data.get("q"):
             return self.no_query_found()
 
+        # Block queries matching flagged regex to avoid gunicorn worker timeout
+        if re.search(r'\w{8,}.www.\w{7,}.cn', self.cleaned_data["q"]):
+            return self.no_query_found()
+
         sqs = self.searchqueryset.auto_query(self.cleaned_data["q"])
 
         if self.load_all:
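Review bot: The guard added before `auto_query` in `SearchForm` is a denylist for one observed query shape, so it does not bound the cost of any other expensive query, and the pattern is both looser and narrower than it reads: the unescaped `.` matches any character and the match is case-sensitive. If literal dots are intended, `re.search(r'\w{8,}\.www\.\w{7,}\.cn', self.cleaned_data["q"], re.IGNORECASE)` says so; if the dots are meant to match arbitrary separators, a comment should state that. Because `re.search` retries `\w{8,}` from every start position, the check itself can become slow on a very long run of word characters unless `q` is length-limited elsewhere (not visible in this hunk). A maximum query length enforced before the regex would cover that and the worker timeout more generally. The rejection is also silent, so logging the blocked query at warning level would keep these requests visible to monitoring; the method's body starts and continues outside the hunk.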
-- 
GitLab