Unsafe joining of regexs #17
Comments
|
It is probably best to compile the expressions individually, and test the input against each pattern individually. Or, assemble a regex after you've validated that each part is a syntactically valid regex in some safe manner that respects RE precedence rules.. something like |
|
Fixed in #32 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The intent is the regular expressions are joined with a logic OR.
metrics-reporter/src/main/java/io/strimzi/kafka/metrics/PrometheusMetricsReporterConfig.java
Line 59 in 46db47f
However the approach is weak. The results of the match could be wrong, or regular expression parsing errors might be misleading.
For instance input like
hell[o,s]worldwould lead to a valid regexhell[o|s]worldbut with the pipe being interpreted literally rather than a logicor(which would match literalhell|world). The correct behaviour would be to be told thathell[ois not a valid regex.Another example would be
hello\\,worldwhich would lead to an escaped pipe.The text was updated successfully, but these errors were encountered: