in reply to Re: Untaint a string match, regular expression.
in thread Untaint a string match, regular expression.

I think it would be trivial to write a subroutine in Perl that takes a string and splits it on '^', '$', '.*' and then recombines the string as a regex, with the rest of the string regex-escaped.

The above would allow a user to specify a regex and be secure for untrusted users. This can also be expanded to include many more features.
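
A sketch of the subroutine described in the post above, as an added example that is not code from the thread. The name `restricted_regex`, the length cap and the wildcard cap are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (name and limits are assumptions, not from the thread).
# Builds a regex from untrusted input in which only '^', '$' and '.*' keep
# their meaning; every other character is matched literally.
sub restricted_regex {
    my ($input) = @_;
    die "empty pattern\n"    unless defined $input && length $input;
    die "pattern too long\n" if length($input) > 256;

    # A capturing group makes split return the separators too, so the list
    # alternates: literal, token, literal, token, ... (-1 keeps trailing "").
    my @parts = split /(\.\*|\^|\$)/, $input, -1;

    my ($re, $wildcards) = ('', 0);
    for my $i (0 .. $#parts) {
        if ($i % 2) {                       # odd index: an allowed token
            $wildcards++ if $parts[$i] eq '.*';
            $re .= $parts[$i];
        }
        else {                              # even index: untrusted literal
            $re .= quotemeta $parts[$i];
        }
    }
    # Many '.*' in one pattern can still backtrack badly on long input.
    die "too many wildcards\n" if $wildcards > 4;
    return qr/$re/;
}

# Constructed sample patterns and subject strings.
my @cases = (
    [ '^foo.*bar$', 'foo-123-bar' ],   # allowed tokens stay active
    [ '(a+)+$',     'aaaa' ],          # group and quantifiers become literal
    [ '(a+)+$',     'x(a+)+' ],        # ...so only the literal text matches
    [ 'a.b',        'axb' ],           # a bare '.' is literal, not a wildcard
);
for my $case (@cases) {
    my ($pattern, $subject) = @$case;
    my $re = restricted_regex($pattern);
    printf "%-12s %-12s %s\n", $pattern, $subject,
        $subject =~ $re ? 'match' : 'no match';
}
```

Because everything outside the three allowed tokens goes through `quotemeta`, grouping, alternation, nested quantifiers and embedded-code constructs never reach the regex compiler as syntax.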

Re^3: Untaint a string match, regular expression.
by Anonymous Monk on May 18, 2015 at 00:17 UTC
    Ok, if you think so, what is your question?
      It's trivial for a few things, but quickly becomes larger than life. The question is how do we securely interpret an re with a large enough feature-set to be useful for most things.

      Looks like this may not be a concern and that's indeed an acceptable answer.

        It's trivial for a few things, but quickly becomes larger than life. The question is how do we securely interpret an re with a large enough feature-set to be useful for most things. Looks like this may not be a concern and that's indeed an acceptable answer.

        What do you mean by "securely", what is the security concern?