On Thu, Jun 8, 2017 at 7:33 AM Sam Ruby <[email protected]> wrote:
> On Thu, Jun 8, 2017 at 7:22 AM, sebb <[email protected]> wrote: > > On 8 June 2017 at 12:12, Shane Curcuru <[email protected]> wrote: > >> sebb wrote on 6/8/17 7:08 AM: > >>> On 8 June 2017 at 11:47, <[email protected]> wrote: > >>>> This is an automated email from the ASF dual-hosted git repository. > >> ...snip... > >> > >>>> def podlingStatus > >>>> - @resource.untaint if @resource =~ /\A\w+\Z/ > >>>> + @resource.untaint if @resource =~ /\a\w+\z/ > >>> > >>> Does \a mean anything? > >>> > >>> Why not use > >>> > >>> @resource.untaint if @resource =~ /^\w+$/ > >> > >> Actually, most ruby sites I've read learning ruby regex say: > >> > >> "Use \A and \z to match the start and end of the string" > >> > >> > https://stackoverflow.com/questions/577653/difference-between-a-z-and-in-ruby-regular-expressions > >> > >> I don't know what \a means for ruby's regex, but I find Rubular helpful: > >> > >> http://rubular.com/ > > > > Sorry, I was misled by my Perl background, where the default is for ^ > > $ to match whole strings. > > Even in Perl, ^ is start of line. So a string of the form > ../../../../etc/passwd^nvalid would match. Probably wouldn't have > made a difference in this case, but it is a good practice to get into. > > FWIW, I don't believe this regex is matching one way or another. I can only test in prod as there seems to be a missing step for an SMTP server. I'll dig into that a bit more. > - Sam Ruby > > > https://perldoc.perl.org/perlre.html#Metacharacters > > > > But the RE won't match all the resources currently in use ... e.g. > 'empire-db' > > > > '-' is not included in \w. > > > >> > >> -- > >> > >> - Shane > >> https://www.apache.org/foundation/marks/resources >
