You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RE2 was designed and implemented with an explicit goal of being able to handle regular expressions from untrusted users without risk. One of its primary guarantees is that the match time is linear in the length of the input string. It was also written with production concerns in mind: the parser, the compiler and the execution engines limit their memory usage by working within a configurable budget – failing gracefully when exhausted – and they avoid stack overflow by eschewing recursion.
P.S. You might find 7444e38 interesting because it added an experimental feature for computing program fanout in order to help users estimate the match cost.
I'm wondering if it would be a problem to allow an untrusted string to be used as a regex? What is meant/covered by "safe"?
See:
http://www.perlmonks.org/?node_id=1126914
http://stackoverflow.com/questions/20357755/how-can-i-safely-validate-an-untrusted-regex-in-perl/20357964
The text was updated successfully, but these errors were encountered: