| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: perl: unsafe empty pattern behavior |
| Date: | 2024-03-13 04:04:49 |
| Message-ID: | a2d160b7-ff67-41f1-5176-4b520a15ef4a@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2024-03-12 Tu 18:59, Tom Lane wrote:
> Jeff Davis <pgsql(at)j-davis(dot)com> writes:
>> On Tue, 2024-03-12 at 18:53 +0100, Alvaro Herrera wrote:
>>> I also tried grepping (for things
>>> like qr{}, qr[], qr||, qr!!) and didn't find anything beyond what you
>>> have ... but I only looked for the "qr" literal, not other ways to
>>> get regexes.
>> I think that's fine. qr// seems the most dangerous, because it seems to
>> behave differently in different versions of perl.
> I wonder whether perlcritic has sufficiently deep understanding of
> Perl code that it could find these hazards. I already checked,
> and found that there's no built-in filter for this (at least not
> in the perlcritic version I have), but maybe we could write one?
> The rules seem to be plug-in modules, so you can make your own
> in principle.
Yeah, that was my thought too. I'd start with ProhibitComplexRegexes.pm
as a template.
If nobody else does it I'll have a go, but it might take a while.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2024-03-13 04:08:18 | Re: Introduce XID age and inactive timeout based replication slot invalidation |
| Previous Message | Tom Lane | 2024-03-13 03:53:11 | Re: [EXTERNAL] Re: Add non-blocking version of PQcancel |