Re: perl: unsafe empty pattern behavior

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <pgsql(at)j-davis(dot)com>
Cc: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: perl: unsafe empty pattern behavior
Date: 2024-03-13 04:04:49
Message-ID: a2d160b7-ff67-41f1-5176-4b520a15ef4a@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


On 2024-03-12 Tu 18:59, Tom Lane wrote:
> Jeff Davis <pgsql(at)j-davis(dot)com> writes:
>> On Tue, 2024-03-12 at 18:53 +0100, Alvaro Herrera wrote:
>>> I also tried grepping (for things
>>> like qr{}, qr[], qr||, qr!!) and didn't find anything beyond what you
>>> have ... but I only looked for the "qr" literal, not other ways to
>>> get regexes.
>> I think that's fine. qr// seems the most dangerous, because it seems to
>> behave differently in different versions of perl.
> I wonder whether perlcritic has sufficiently deep understanding of
> Perl code that it could find these hazards. I already checked,
> and found that there's no built-in filter for this (at least not
> in the perlcritic version I have), but maybe we could write one?
> The rules seem to be plug-in modules, so you can make your own
> in principle.

Yeah, that was my thought too. I'd start with ProhibitComplexRegexes.pm
as a template.

If nobody else does it I'll have a go, but it might take a while.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2024-03-13 04:08:18 Re: Introduce XID age and inactive timeout based replication slot invalidation
Previous Message Tom Lane 2024-03-13 03:53:11 Re: [EXTERNAL] Re: Add non-blocking version of PQcancel