in reply to Untaint a string match, regular expression.

Either you let a user specify a regex, or you don't

Either you trust the user or you don't

re

If you have questions about pcre, start with its docs

But, if you can't even use the correct vocabulary, nothing is safe

Re^2: Untaint a string match, regular expression.
by cheako (Beadle) on May 18, 2015 at 00:14 UTC

    I think it would be trivial to write a subroutine in perl that takes a string and splits it on '^', '$', '.*' and then recombines the string as a regex, with the rest of the string regex escaped.

    The above would allow for user to specify a regex and be secure for untrusted users. This can also be expanded to include many more features.

      Ok, if you think so, what is your question?
        It's trivial for a few things, but quickly becomes larger than life. The question is how do we securely interpret an re with a large enough feature-set to be useful for most things.

        Looks like this may not be a concern and that's indeed an acceptable answer.
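An added illustration of the whitelist approach cheako sketches (splitting user input on `^`, `$` and `.*` and escaping everything else). This is example code written for this page, not code from either poster. The table of allowed tokens, the `restricted_pattern` name and the sample inputs are all constructed here; the only Perl features relied on are `quotemeta`, `\G`-anchored matching and `qr//`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Whitelist of user-visible metacharacter sequences and the regex fragment
# each one becomes. Anything not in this table is treated as a literal.
my %ALLOWED = (
    '^'  => '^',
    '$'  => '$',
    '.*' => '.*',
);

# Match the longest allowed tokens first, so ".*" is consumed as one token
# rather than as a literal "." followed by a literal "*".
my $token_re = join '|',
    map { quotemeta } sort { length $b <=> length $a } keys %ALLOWED;

# Turn an untrusted string into a compiled regex whose only metacharacters
# are the whitelisted ones; every other character is quotemeta-escaped.
sub restricted_pattern {
    my ($user) = @_;
    my $pattern = '';
    # Consume the input one piece at a time: an allowed token or a single
    # literal character. Taking each piece from $1 is also what clears the
    # taint flag under `perl -T`, since only regex captures untaint.
    while ($user =~ /\G($token_re|.)/gcs) {
        my $piece = $1;
        $pattern .= exists $ALLOWED{$piece} ? $ALLOWED{$piece}
                                            : quotemeta($piece);
    }
    return qr/$pattern/;
}

# Constructed demo cases: user pattern, subject string, expected match (1/0).
my @cases = (
    ['^foo.*bar$', 'foobazbar', 1],
    ['^foo.*bar$', 'xfoobar',   0],   # "^" really anchors
    ['(a+)+$',     '(a+)+',     1],   # parens and "+" are literals: no nested quantifier
    ['a.c',        'abc',       0],   # a lone "." is a literal dot, not a wildcard
    ['a.c',        'a.c',       1],
);

for my $c (@cases) {
    my ($user, $subject, $want) = @$c;
    my $re  = restricted_pattern($user);
    my $got = ($subject =~ $re) ? 1 : 0;
    printf "%-12s vs %-10s -> %s  (compiled as %s)\n",
        $user, $subject, ($got == $want ? 'ok' : 'MISMATCH'), $re;
}
```

Because the compiled pattern can only contain the three whitelisted fragments plus escaped literals, user input cannot smuggle in backreferences, `(?{ })` code blocks, or nested quantifiers; `.*` is the sole quantifier the user can reach. It is still worth capping the length of both the pattern and the subject before matching, since even `^.*x.*y$` over very long subjects does real work. Extending the feature set means adding rows to `%ALLOWED`, and each row is a deliberate decision about what the regex engine may see, which is the "larger than life" part of the problem cheako refers to.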