[oak perl] Most Annoying Regex?

Tony Stubblebine tonys at oreillynet.com
Tue Apr 6 12:23:40 CDT 2004


I think the root problem is not that people write complicated regular 
expressions, but that they write any regular expressions without tests or
documentation. Even if your regex is simple, your data isn't. Here's a 
simple regex that crops up every place I work.

# security check
$file =~ s!\.\./!!g;

A lot of people think file path security just means that you need to 
strip out ../

Here's what's wrong with the regex:
1. The regex is wrong. It turns foo....//bar into foo../bar.
2. You should match and die, not substitute and continue. The regex is 
checking for an attack not a typo. Why would you let an attacker continue?
3. If you're letting untrusted users open arbitrary files, you're 
probably hosed regardless of your regex.

That's my most annoying regex =)

--Tony



David Fetter wrote:

>On Mon, Apr 05, 2004 at 10:59:13PM -0700, George Woolley wrote:
>  
>
>>On Monday 05 April 2004 3:09 pm, David Fetter wrote:
>>    
>>
>>>On Mon, Apr 05, 2004 at 03:13:12PM -0700, George Woolley wrote:
>>>      
>>>
>>>>What's the most annoying regex you've encountered?
>>>>        
>>>>
>>>Anything that doesn't fit on one line.   After that, they're all
>>>equally annoying, and don't belong in production code. :)
>>>
>>>Cheers,
>>>D
>>>      
>>>
>>David,
>>Thanks for the provocative response.
>>
>>Based on your response, my understanding is that your position is
>>that there are no production environments in which it is ever
>>appropriate to use regular expressions in production code.
>>Is that your view?
>>    
>>
>
>I don't know how you managed to get that out of what I said.  In my
>experience, *complicated* regexes don't belong in production code.
>Multiple simple ones are a lot easier to code, debug, &c.
>
>Cheers,
>D
>  
>
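The two failure modes Tony describes above, run on sample input, as an added example that is not code from the original post. It wraps the post's own substitution so its output can be inspected, then shows the match-and-die alternative: a component-level check that refuses absolute paths and any ".." segment instead of repairing the string. It goes a little beyond the post's case by also feeding in a backslash-separated path and an absolute path. The sample inputs are constructed, and the helper names (strip_dotdot, safe_path_under) and the base directory /srv/uploads are assumptions for the example.

```perl
#!/usr/bin/perl
# Added example, not code from the original post.
use strict;
use warnings;
use File::Spec;

# The substitution from the post, wrapped so inputs and outputs can be
# compared. It removes each "../" in one left-to-right pass, so a string
# built around it can reassemble a "../" after the pass has gone by.
sub strip_dotdot {
    my ($file) = @_;
    $file =~ s!\.\./!!g;
    return $file;
}

# Match-and-die replacement (hypothetical helper name). A relative name is
# split into components on either separator; absolute paths and any ".."
# component are rejected outright, and the final path is built from the
# trusted base rather than from the attacker's string.
sub safe_path_under {
    my ($base, $file) = @_;
    die "absolute path rejected: $file\n"
        if File::Spec->file_name_is_absolute($file)
        || $file =~ m{^[/\\]}          # leading separator on any platform
        || $file =~ m{^[A-Za-z]:};     # drive letter, if this ever runs on Windows
    my @parts = grep { length && $_ ne '.' } split m{[/\\]+}, $file;
    die "empty path rejected\n" unless @parts;
    die "path traversal rejected: $file\n" if grep { $_ eq '..' } @parts;
    return File::Spec->catfile($base, @parts);
}

# Constructed sample inputs: a benign name, the post's case, the classic
# single-pass bypass, a backslash variant, and an absolute path.
my @samples = (
    'foo/bar',
    'foo....//bar',
    '....//etc/passwd',
    '..\\..\\etc\\passwd',
    '/etc/passwd',
);

# What the substitution actually does to each input. Note that two of the
# results still contain "../" after the "security check" has run.
for my $in (@samples) {
    my $stripped = strip_dotdot($in);
    printf "%-22s strip-> %-18s still has ../: %s\n",
        $in, $stripped, ($stripped =~ m{\.\./} ? 'YES' : 'no');
}
print "\n";

# What the match-and-die check does to the same inputs. The two dotted
# names that fooled the substitution are plain directory names here, while
# the backslash and absolute variants, which the substitution never touched,
# are refused.
for my $in (@samples) {
    my $out = eval { safe_path_under('/srv/uploads', $in) };
    print $@ ? "REJECT $in: $@" : "OK     $in -> $out\n";
}
```

Running it shows '....//etc/passwd' coming out of the substitution as '../etc/passwd', which is the reason a strip-and-continue check cannot be trusted: its own post-condition (no "../" in the output) does not hold. The component check does not need a second pass because it never edits the input; it either accepts a name made only of ordinary components or dies.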



