Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^4: Is it safe to use external strings for regexes?

by dave_the_m (Monsignor)
on Oct 07, 2021 at 15:26 UTC ( #11137306=note: print w/replies, xml ) Need Help??


in reply to Re^3: Is it safe to use external strings for regexes?
in thread Is it safe to use external strings for regexes?

> is only allowed within the scope of use re 'eval'; with "newer" Perls yes. I noticed that you changed it around 2013, and am thankful for that. *
Um no, "use re 'eval'" has always been required to allow non-literal code blocks in patterns. The big "re eval" rewrite in 5.18.0 just made it smarter, so that for example a literal (and thus safe) code block could be interpolated into a run-time regex without needing the "use re 'eval'":
use re 'eval'; # ** no longer needed from 5.18.0 onwards $r = qr/xyz/; /(?{ foo() })$r/;

Dave.

Replies are listed 'Best First'.
Re^5: Is it safe to use external strings for regexes?
by LanX (Sage) on Oct 07, 2021 at 20:50 UTC
    > just made it smarter ... without needing the "use re 'eval'":

    hm, we seem to be talking about different things

    please compare these threads

    They show that concatenating literal strings to form an eval group used to work out of the box without use re 'eval' .

    Both examples don't include any variables but rely on concats aka .

    In detail: Some optimizer converted this

    •  ''=~ ( '(?{B' . 'EGIN{print "owned"}})' )
    into this at compile time
    •  ''=~ '(?{BEGIN{print "owned"}})'
    without complaining. Now it requires use re "eval"

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery

      hm, we seem to be talking about different things
      I thought we were talking about using strings obtained from an external source (such as a file or DB) as a regex, and whether the (?{...}) feature could be exploited in that case. The example you gave of concatting two halves of a regex still requires the code to be literal in the source (albeit split) to not need 'use re eval' in the src code, even prior to 5.18.0.

      Dave.

        As I said, I'm thankful that your change rules out

        ''=~ ( '(?{B' . 'EGIN{print "owned"}})' )

        to happen.

        Like this I have a chance to statically check for BEGIN or use re before running perl -c

        (sorry eyepopslikeamosquito :)

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11137306]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (5)
As of 2022-01-20 12:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (56 votes). Check out past polls.

    Notices?