Re^4: creating qr from existing regex

Replies are listed 'Best First'.
Re^5: creating qr from existing regex by AnomalousMonk (Archbishop) on Feb 09, 2018 at 14:47 UTC
`c:\@Work\Perl\monks>perl -wMstrict -le "my $string = '/.u\/ba$/i'; ;; my $rx = eval 'qr' . $string; print $rx; print 'A: match' if 'u/Ba' =~ $rx; ;; my $ry = qr{ \A foo $rx }xms; print $ry; print 'B: match' if 'foolubatU/bA' =~ $ry; " (?i-xsm:.u/ba$) A: match (?msx-i: \A foo (?i-xsm:.u/ba$) ) B: match` [download] Update:* Of course, given that you're dealing with user-supplied data and considering the danger of an injection attack, maybe one should think twice about an eval-based approach. Give a man a fish: `<%-{-{-{-<`	[reply] [d/l] [select]
Re^5: creating qr from existing regex by Your Mother (Archbishop) on Feb 09, 2018 at 18:30 UTC
In addition to what AnomalousMonk said. Plain regular expressions can be constructed to be DoS attacks; even unintentionally. The handling varies from Perl version to version and I am pretty sure regular expressions were impossible to interrupt with a timeout historically so the "attack" was impossible to guard against. I have no idea if this is still the case in newer versions or when it changed if it did.	[reply]