Skip to content

fix(932130): use lazy regex #3730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix(932130): use lazy regex #3730

wants to merge 5 commits into from

Conversation

@fzipi
Copy link
Member

@fzipi fzipi commented Jun 3, 2024
edited
Loading

what

  • update regex to be more specific
  • change semantic from . (anything) to [^\(\)], which performs better while keeping the meaning

why

  • follow standards
  • optimize matching speed
  • prevent potential backtrackings

@fzipi fzipi requested a review from theseion June 3, 2024 19:43
theseion
theseion reviewed Jun 3, 2024
View reviewed changes
@fzipi fzipi force-pushed the rules/932130-use-lazy-regex branch from f65f101 to 4b8806d Compare June 3, 2024 20:19
theseion
theseion reviewed Jun 4, 2024
View reviewed changes
@github-actions github-actions bot added the Stale label Jul 24, 2024
@github-actions github-actions bot closed this Aug 8, 2024
@azurit azurit reopened this Aug 8, 2024
@azurit azurit removed the Stale label Aug 8, 2024
@github-actions github-actions bot added the Stale label Sep 8, 2024
@fzipi fzipi removed the Stale label Sep 16, 2024
@fzipi fzipi force-pushed the rules/932130-use-lazy-regex branch from 4b8806d to 16b9ad7 Compare September 17, 2024 13:27
@fzipi fzipi marked this pull request as ready for review September 17, 2024 13:28
@fzipi
Copy link
Member Author

fzipi commented Sep 17, 2024

Ugh, looks like a[b///]c works as a glob.

Xhoenix
Xhoenix requested changes Sep 19, 2024
View reviewed changes
theseion
theseion requested changes Sep 19, 2024
View reviewed changes
@fzipi fzipi mentioned this pull request Oct 7, 2024
Closed
@github-actions github-actions bot added the Stale label Oct 21, 2024
@github-actions github-actions bot removed the Stale label Oct 29, 2024
@Xhoenix
Copy link
Member

Xhoenix commented Nov 2, 2024

I tried a[b///]c on regex101 but couldn't reproduce a glob. How it works.

@fzipi
Copy link
Member Author

fzipi commented Nov 2, 2024 

mkdir abc
touch abc/myfile.txt
ls a[b///]c
myfile.txt

@Xhoenix
Copy link
Member

Xhoenix commented Nov 2, 2024

Didn't knew you meant it in shell context. I thought in regex terms. 🙂

@fzipi fzipi mentioned this pull request Nov 18, 2024
Closed
@fzipi fzipi mentioned this pull request Dec 2, 2024
Closed
@github-actions github-actions bot added the Stale label Dec 3, 2024
@github-actions github-actions bot closed this Dec 18, 2024
@Xhoenix Xhoenix reopened this Dec 18, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Dec 18, 2024
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@github-actions github-actions bot removed the Stale label Dec 19, 2024
@fzipi fzipi mentioned this pull request Jan 6, 2025
Closed
@github-actions github-actions bot added the Stale label Jan 19, 2025
@Xhoenix Xhoenix removed the Stale label May 15, 2025
@fzipi fzipi mentioned this pull request Jun 2, 2025
Closed
@github-actions github-actions bot added the Stale label Jun 15, 2025
@fzipi fzipi force-pushed the rules/932130-use-lazy-regex branch from 9c570f7 to b51d25d Compare June 21, 2025 13:56
@fzipi fzipi mentioned this pull request Jun 21, 2025
Closed
theseion
theseion requested changes Jun 26, 2025
View reviewed changes
@fzipi fzipi mentioned this pull request Jul 7, 2025
Closed
EsadCetiner
EsadCetiner requested changes Jul 8, 2025
View reviewed changes
@fzipi fzipi force-pushed the rules/932130-use-lazy-regex branch from 29fa791 to 991579d Compare July 8, 2025 21:13
@Xhoenix Xhoenix mentioned this pull request Aug 1, 2025
Closed
@fzipi fzipi mentioned this pull request Aug 4, 2025
Closed
@github-actions github-actions bot added the Stale label Aug 8, 2025
@Xhoenix Xhoenix removed the Stale label Aug 11, 2025
@fzipi fzipi mentioned this pull request Sep 1, 2025
Closed
@github-actions github-actions bot added the Stale label Sep 11, 2025
Xhoenix
Xhoenix reviewed Sep 18, 2025
View reviewed changes
regex-assembly/include/932130.ra
Comment on lines +14 to +17
\$\([^()]*\)
\$\{[^{}]*\}
<\([^()]*\)
>\([^()]*\)
Copy link
Member

@Xhoenix Xhoenix Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
\$\([^()]*\)
\$\{[^{}]*\}
<\([^()]*\)
>\([^()]*\)
\$\([^()]+\)
\$\{[^{}]+\}
<\([^()]+\)
>\([^()]+\)

We should expect atleast one character for command execution, $() or ${} will result in nothing for the attacker.

@github-actions github-actions bot removed the Stale label Sep 19, 2025
@fzipi fzipi mentioned this pull request Oct 6, 2025
Closed
@github-actions github-actions bot added the Stale label Oct 19, 2025
@github-actions github-actions bot closed this Nov 3, 2025
@Xhoenix Xhoenix reopened this Nov 3, 2025
@theseion theseion mentioned this pull request Nov 3, 2025
Closed
@github-actions github-actions bot removed the Stale label Nov 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Xhoenix Xhoenix Xhoenix requested changes

@theseion theseion theseion requested changes

@EsadCetiner EsadCetiner EsadCetiner requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

release:fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@fzipi @Xhoenix @theseion @EsadCetiner @azurit