Is Regexp.new(user_input) in Ruby safe?
Is it safe to create a Regexp object directly from a custom request, or do I need to do some checks first? The documentation doesn't say much one way or the other.
+3
taw
1 answer
Sounds like allowing any regexp to be created may be unsafe (possibly for DoS reasons), as regexps can be CPU-intensive.
I would not like my client to be free to create their own regex.
https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
0
Horacio Branciforte
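One way to handle the checks asked about in the question, as an added example that is not part of either post: treat the input as a literal by default, cap pattern and text size, and use the per-regexp match timeout where the runtime has it. The names `build_pattern`, `safe_search` and the limit constants are hypothetical, and the timeout assumes Ruby 3.2 or later.

```ruby
# Added example: constructed limits, hypothetical helper names.
MAX_PATTERN_LEN = 64      # assumed cap on pattern size
MAX_SUBJECT_LEN = 10_000  # assumed cap on the text that gets scanned
MATCH_TIMEOUT   = 0.5     # seconds; only enforced on Ruby >= 3.2

# Regexp.timeout and Regexp.new(..., timeout:) exist from Ruby 3.2 onward.
TIMEOUT_SUPPORTED = Regexp.respond_to?(:timeout)

# Build a Regexp from untrusted text.
#   mode :literal -> metacharacters are escaped, so the input can only
#                    ever act as a substring search.
#   mode :regex   -> the input is compiled as a pattern, with a size cap
#                    and (if available) a match timeout attached.
def build_pattern(user_input, mode: :literal)
  raise ArgumentError, "pattern too long" if user_input.length > MAX_PATTERN_LEN

  source = mode == :literal ? Regexp.escape(user_input) : user_input
  if TIMEOUT_SUPPORTED
    Regexp.new(source, timeout: MATCH_TIMEOUT)
  else
    Regexp.new(source)
  end
rescue RegexpError => e
  # Malformed patterns are rejected instead of bubbling up as a 500.
  raise ArgumentError, "invalid pattern: #{e.message}"
end

# Returns :match, :no_match, or :timeout.
def safe_search(user_input, text, mode: :literal)
  raise ArgumentError, "text too long" if text.length > MAX_SUBJECT_LEN

  re = build_pattern(user_input, mode: mode)
  re.match?(text) ? :match : :no_match
rescue RegexpError
  # Compile errors were already converted above, so what reaches here is
  # Regexp::TimeoutError (a RegexpError subclass on Ruby >= 3.2).
  :timeout
end
```

On runtimes older than 3.2 the timeout branch is skipped, so only the literal mode and the size caps bound the work done per request.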