On 8 June 2017 at 12:33, Sam Ruby <[email protected]> wrote: > On Thu, Jun 8, 2017 at 7:22 AM, sebb <[email protected]> wrote: >> On 8 June 2017 at 12:12, Shane Curcuru <[email protected]> wrote: >>> sebb wrote on 6/8/17 7:08 AM: >>>> On 8 June 2017 at 11:47, <[email protected]> wrote: >>>>> This is an automated email from the ASF dual-hosted git repository. >>> ...snip... >>> >>>>> def podlingStatus >>>>> - @resource.untaint if @resource =~ /\A\w+\Z/ >>>>> + @resource.untaint if @resource =~ /\a\w+\z/ >>>> >>>> Does \a mean anything? >>>> >>>> Why not use >>>> >>>> @resource.untaint if @resource =~ /^\w+$/ >>> >>> Actually, most ruby sites I've read learning ruby regex say: >>> >>> "Use \A and \z to match the start and end of the string" >>> >>> https://stackoverflow.com/questions/577653/difference-between-a-z-and-in-ruby-regular-expressions >>> >>> I don't know what \a means for ruby's regex, but I find Rubular helpful: >>> >>> http://rubular.com/ >> >> Sorry, I was misled by my Perl background, where the default is for ^ >> $ to match whole strings. > > Even in Perl, ^ is start of line. So a string of the form > ../../../../etc/passwd^nvalid would match. Probably wouldn't have > made a difference in this case, but it is a good practice to get into.
Not in my Perl: perl -e 'print(qq(../../../../etc/passwd\nvalid) =~ /^\w+$/)' => nil The behaviour changes if you add the /m qualifier: perl -e 'print(qq(../../../../etc/passwd\nvalid) =~ /^\w+$/m)' => 1 See https://perldoc.perl.org/perlre.html#Metacharacters > - Sam Ruby > >> https://perldoc.perl.org/perlre.html#Metacharacters >> >> But the RE won't match all the resources currently in use ... e.g. >> 'empire-db' >> >> '-' is not included in \w. >> >>> >>> -- >>> >>> - Shane >>> https://www.apache.org/foundation/marks/resources
