Lucas_Werkmeister_WMDE added a comment.

As an interim solution, would it be okay to use unsandboxed preg_match for certain regexes which are known to be safe, and to continue to use SPARQL for all others? For example, currently, 2304 out of 2999 regexes in format constraints don’t contain any parentheses (query). That’s a very crude metric, but I think it’s a safe one (plenty of safe regexes have parentheses, but I don’t think it’s possible to construct a ReDoS attack without any nesting), and if it already classifies over ¾ths of regexes as safe, that could save us a lot of SPARQL calls.


TASK DETAIL
https://phabricator.wikimedia.org/T176312
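
The dispatch proposed in the comment above, as an added PHP example that is not part of the original message or of the project's code: patterns without parentheses are matched with `preg_match`, everything else is deferred to the existing SPARQL check. The function names, the delimiter list, the backtrack limit value and the whole-value anchoring are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed backstop value (not from the thread): cap PCRE backtracking for local matches.
ini_set('pcre.backtrack_limit', '100000');

/** The comment's crude metric: no parentheses at all means "known safe". */
function isKnownSafeRegex(string $regex): bool
{
    return strpbrk($regex, '()') === false;
}

/** Pick a PCRE delimiter that does not occur in the pattern, or null if none is free. */
function pickDelimiter(string $regex): ?string
{
    foreach (['/', '#', '~', '%', '!', '@'] as $candidate) {
        if (strpos($regex, $candidate) === false) {
            return $candidate;
        }
    }
    return null;
}

/**
 * Hypothetical dispatcher: true/false is a local preg_match answer,
 * null means "use the existing SPARQL check for this pattern".
 */
function matchLocallyOrDefer(string $regex, string $text): ?bool
{
    $delimiter = pickDelimiter($regex);
    if (!isKnownSafeRegex($regex) || $delimiter === null) {
        return null;
    }
    // Whole-value match (assumed); the (?:...) wrapper keeps a top-level "|" inside the anchors.
    $pattern = $delimiter . '^(?:' . $regex . ')$' . $delimiter . 'u';
    $result = @preg_match($pattern, $text);
    if ($result === false) {
        // Invalid pattern or a PCRE limit was hit: do not trust a local answer.
        return null;
    }
    return $result === 1;
}

// Constructed sample patterns and values.
var_dump(matchLocallyOrDefer('[1-9]\d{0,8}', '12345')); // no parentheses: handled locally
var_dump(matchLocallyOrDefer('(19|20)\d{2}', '2017'));  // has parentheses: deferred to SPARQL
```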
