CloudBot icon indicating copy to clipboard operation
CloudBot copied to clipboard

Published 20 hours ago verified publisher icon CloudBotIRC

s/// doesn't support regex

Open lf- opened this issue 9 years ago • 3 comments

s/// doesn't support regex. It should.

Test:

(test( s/($/)/ s/./

Expected output:

(test)

Actual output:

Bot doesn't seem to be triggered...

Did not find . in any recent messages.

lf- avatar Jun 16 '15 13:06 lf-

AFAIK this was removed because of security vulnerabilities with allowing anyone to specify any regex. See https://github.com/CloudBotIRC/CloudBot/issues/99.

daboross avatar Jun 16 '15 21:06 daboross

That seems correct. Abra rewrote it and it appears to no longer be vulnerable, so this can be fixed.

lf- avatar Jun 17 '15 15:06 lf-

I noticed that the bot doesn't support regex today and started tinkering with it before checking the issues. I've pushed my work adding regex back in to my fork.

I've tested it against the malicious example in #99 and the examples in the article linked from there. It doesn't hang at all. Though, in the longer malicious examples from the article, it didn't replace, either. I suspect python's re package itself has been updated to sanitize that kind of input.

lethargilistic avatar Aug 23 '15 03:08 lethargilistic