Is Regexp.new(user_input) safe in Ruby?

Is it safe to create a `Regexp` object from a custom request directly, or do I need to do some checks first? The documentation doesn't say much about one or the other.

+3
security ruby




1 answer


It sounds like allowing any regexp to be created may be unsafe (possibly for DoS reasons), as a regexp can be CPU intensive.

I would not like my client to be free to create their own regex.



https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

0
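The DoS concern raised in the answer can be contained in two ways, shown here as an added example that is not part of the original question or answer: escape the input so it only matches literally, or accept a real pattern with a length cap and a match deadline. The helper names, the `UnsafePattern` class and both limits are assumptions chosen for illustration.

```ruby
require "timeout"

# Added example: names and limits below are assumptions, not from the post.
MAX_PATTERN_LENGTH = 200   # longest pattern accepted from a user
MATCH_TIMEOUT      = 0.5   # seconds allowed for one match

class UnsafePattern < StandardError; end

def check_length!(user_input)
  return if user_input.length <= MAX_PATTERN_LENGTH
  raise UnsafePattern, "pattern longer than #{MAX_PATTERN_LENGTH} characters"
end

# Option 1: treat the input as literal text. Regexp.escape neutralises every
# metacharacter, so the user cannot introduce quantifiers or groups.
def literal_regexp(user_input)
  check_length!(user_input)
  Regexp.new(Regexp.escape(user_input))
end

# Option 2: accept a real pattern, but reject invalid syntax and attach a
# per-regexp timeout where the runtime offers one (Ruby 3.2 and later).
def bounded_regexp(user_input)
  check_length!(user_input)
  if Regexp.respond_to?(:timeout)
    Regexp.new(user_input, timeout: MATCH_TIMEOUT)
  else
    Regexp.new(user_input)
  end
rescue RegexpError => e
  raise UnsafePattern, "invalid pattern: #{e.message}"
end

# Match with a deadline: the built-in timeout if the regexp carries one,
# otherwise the stdlib Timeout module as a fallback.
def bounded_match?(regexp, text)
  if regexp.respond_to?(:timeout) && regexp.timeout
    regexp.match?(text)
  else
    Timeout.timeout(MATCH_TIMEOUT) { regexp.match?(text) }
  end
rescue RegexpError, Timeout::Error
  raise UnsafePattern, "match exceeded #{MATCH_TIMEOUT}s"
end
```

Rescue `UnsafePattern` at the request boundary and return a validation error instead of retrying the match.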

