
As a security dude I spend way too much of my time fixing missing anchors or unescaped wildcards in regex. The good news is that it's trivial to detect with static analysis tooling. The bad news is that broken regex is often used for security checks.




Sometimes I wish regexes were full matches by default and required prefixing and postfixing with `.*` to get the current behaviour.

Java's Pattern.match() method works that way. Python has two separate methods: re.match auto-anchors, re.search does not.

A match isn't boolean, it's a substring. The original (and more common) use-cases would become excessively verbose.
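The failure modes discussed in this thread (missing anchors, an unescaped `.`, and how Python's `re.search`, `re.match` and `re.fullmatch` differ in anchoring), shown as an added example that is not from any commenter. The allowlist pattern, host names and function names are constructed for illustration, and `lint_pattern` is a rough heuristic, not a real static-analysis tool.

```python
import re

# Constructed allowlist: URLs whose host is example.com or a subdomain of it.
BROKEN = r"https://.*.example.com"              # unescaped dots, no anchors
FIXED = r"https://([a-z0-9-]+\.)*example\.com"  # dots escaped, host labels constrained


def broken_is_trusted(url):
    # re.search matches anywhere in the string, so the pattern can be
    # satisfied by text in a query string or by any character in place of '.'.
    return re.search(BROKEN, url) is not None


def start_anchored_is_trusted(url):
    # re.match anchors only at the start; trailing text is still accepted.
    return re.match(FIXED, url) is not None


def is_trusted(url):
    # re.fullmatch requires the whole string to match. Unlike a trailing '$',
    # it also rejects a string that ends in a newline.
    return re.fullmatch(FIXED, url) is not None


def lint_pattern(pattern):
    """Heuristic check for the two defects named above (hypothetical helper)."""
    findings = []
    if not pattern.startswith(("^", r"\A")):
        findings.append("no start anchor")
    if not pattern.endswith(("$", r"\Z")):
        findings.append("no end anchor")
    # A '.' that is neither escaped nor followed by a quantifier was most
    # likely meant as a literal dot.
    if re.search(r"(?<!\\)\.(?![*+?{])", pattern):
        findings.append("unescaped '.' used as literal")
    return findings


if __name__ == "__main__":
    for url in ("https://app.example.com",
                "https://app.example.com.evil.test",
                "https://evil.test/?x=https://a.example.com",
                "https://app.exampleXcom"):
        print(url, broken_is_trusted(url), start_anchored_is_trusted(url), is_trusted(url))
    print(lint_pattern(BROKEN))
```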



