http://www.perlmonks.org?node_id=1208774


in reply to Re^3: creating qr from existing regex
in thread creating qr from existing regex

That could work in general, but the input is dynamic, and someone might put in an escaped slash, i.e. \/

Replies are listed 'Best First'.
Re^5: creating qr from existing regex
by AnomalousMonk (Archbishop) on Feb 09, 2018 at 14:47 UTC

    c:\@Work\Perl\monks>perl -wMstrict -le
    "my $string = '/.*u\/ba$/i';
     ;;
     my $rx = eval 'qr' . $string;
     print $rx;
     print 'A: match' if 'u/Ba' =~ $rx;
     ;;
     my $ry = qr{ \A foo $rx }xms;
     print $ry;
     print 'B: match' if 'foolubatU/bA' =~ $ry;
    "
    (?i-xsm:.*u/ba$)
    A: match
    (?msx-i: \A foo (?i-xsm:.*u/ba$) )
    B: match

    Update: Of course, given that you're dealing with user-supplied data and considering the danger of an injection attack, maybe one should think twice about an eval-based approach.


    Give a man a fish:  <%-{-{-{-<
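
An eval-free way to build the regex from a `/pattern/flags` string, addressing the injection concern in the update above (an added example, not code from any poster in this thread). The helper name `qr_from_string`, the restriction to the flags `i m s x`, and every sample input except the first are assumptions; it does nothing about patterns that are merely expensive to match.

```perl
use strict;
use warnings;

# Turn a user-supplied "/pattern/flags" string into a compiled regex
# without string eval. Returns undef if the input is rejected.
sub qr_from_string {
    my ($input) = @_;

    # Body: any run of non-slash characters or backslash escapes (so \/ is
    # accepted). Flags: only i, m, s, x. Anything after the flags fails \z.
    my ($body, $flags) =
        $input =~ m{\A / ( (?: [^\\/] | \\. )* ) / ([imsx]*) \z}xs
        or return;

    # Drop repeated flags so "xx" cannot change meaning on newer perls.
    my %seen;
    $flags = join '', grep { !$seen{$_}++ } split //, $flags;

    # Under /x a trailing "# comment" would swallow the closing paren,
    # so end the body with a newline in that case.
    my $src = "(?${flags}:${body}" . ($flags =~ /x/ ? "\n" : '') . ')';

    # Block eval only traps compile errors. Without "use re 'eval'" an
    # interpolated (?{ ... }) code block is a fatal error, not executed.
    my $rx = eval { qr/$src/ };
    return $rx;
}

# Constructed sample inputs; only the first comes from the thread.
my @samples = (
    [ '/.*u\/ba$/i',               'u/Ba' ],
    [ '/a/i; print "injected"',    'A'    ],
    [ '/(?{ print "injected" })/', ''     ],
    [ '/ b a # comment/x',         'ba'   ],
);

for my $s (@samples) {
    my ($input, $subject) = @$s;
    my $rx = qr_from_string($input);
    if (!defined $rx) { print "rejected: $input\n"; next }
    printf "%s  =>  %s  (%s on '%s')\n", $input, $rx,
        ($subject =~ $rx ? 'match' : 'no match'), $subject;
}
```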

Re^5: creating qr from existing regex
by Your Mother (Archbishop) on Feb 09, 2018 at 18:30 UTC

    In addition to what AnomalousMonk said: plain regular expressions can be constructed to be DoS attacks, even unintentionally. The handling varies from Perl version to version, and I am pretty sure regular expressions were impossible to interrupt with a timeout historically, so the "attack" was impossible to guard against. I have no idea if this is still the case in newer versions or when it changed if it did.