Regex fix for mattr_accessor validation #20599
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The broken tests were fixed in c76b112 |
|
I think this sounds reasonable. can you rebase against master, so we see a Green build, before I merge it? thanks |
Change ^ and $ operators to \A and \z to prevent code injection after the line breaks
aliaksandrb
force-pushed
the
regex_fix_for_mattr_accessor
branch
from
5fb7026
to
3005c25
Compare
|
@arthurnn have rebased against master and bumped a Travis tests. Thanks for looking on it! |
arthurnn
pushed a commit
that referenced
this pull request
Oct 1, 2015
Regex fix for mattr_accessor validation
|
thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi!
This patch changes
^and$operators in regex that validates arguments passed tomattr_reader/writermethods to\Aand\zappropriately.Using
^and$allows arguments such asvalid\nwhatever_textthat definitely not valid and even more they would be executed in context ofclass_evalafter.So it could lead to the syntax errors or potential code injections if the arguments was created somehow dynamically.
Does it make sense or I miss something?
Thanks and have a good day! ☀️