ansaurus

Question

Is stringing together multiple regular expressions with "or" safe?

Answer 1

+1 A:

It's as safe as anything else in regular expressions!

Cade Roux 2009-09-28 16:11:47

-1 What is the point of this answer?

Chris Lutz 2009-09-28 16:45:33

The point is that there is nothing inherently unsafe with regular expressions - they either match or they don't. What is unsafe is a system where the regular expression encounters boundary conditions or unexpected/unanticipated input. In this case, the regular expression is very simple, but the author gives no indication of any other controls or specification for the input. Because regular expressions are deterministic, I stand by my answer.

Cade Roux 2009-09-28 20:59:03

Answer 2

A:

As far as regexes go , Google code search provides regexes for searches so ... it's possible to have safe regexes

xxxxxxx 2009-09-28 16:16:03

Answer 3

+2 A:

As long as they are valid regexes, it should be safe. Unclosed parentheses, brackets, braces, etc would be a problem. You could try to parse each piece before adding it to the main regex to verify they are complete.

Also, some engines have escapes that can toggle regex flags within the expression (like case sensitivity). I don't have enough experience to say if this carries over into the second part of the OR or not. Being a state machine, I'd think it wouldn't.

YotaXP 2009-09-28 16:19:03

Answer 4

A:

I don't see any possible problem too.

I guess by saying 'Safe' you mean that it will match as you needed (because I've never heard of RegEx security hole). Safe or not, we can't tell from this. You need to give us more detail like what the full regex is. Do you wrap it with group and allow multiple? Do you wrap it with start and end anchor?

If you want to match a few class file name make sure you use start and end anchor to be sure the matching is done from start til end. Like this "^(file1|file2)\.class$". Without start and end anchor, you may end up matching 'my_file1.class too'

NawaMan 2009-09-28 16:20:48

Don’t forget to escape the dot.

Gumbo 2009-09-28 16:23:36

Thanks, I will edit that :D

NawaMan 2009-09-28 16:42:00

Answer 5

+2 A:

Not only is it safe, it's likely to yield better performance than separate regex matching.

Take the individual regex patterns and test them. If they work as expected then OR them together and each one will still get matched. Thus, you've increased the coverage using one regex rather than multiple regex patterns that have to be matched individually.

Ahmad Mageed 2009-09-28 16:36:55

Answer 6

A:

The answer is that yes this is safe, and the reason why this is safe is that the '|' has the lowest precedence in regular expressions.

That is:

regexpa|regexpb|regexpc

is equivalent to

(regexpa)|(regexpb)|(regexpc)

with the obvious exception that the second would end up with positional matches whereas the first would not, however the two would match exactly the same input. Or to put it another way, using the Java parlance:

String.matches("regexpa|regexpb|regexpc");

is equivalent to

String.matches("regexpa") | String.matches("regexpb") | String.matches("regexpc");

Paul Wagland 2009-09-28 21:04:10

ansaurus

tags:

views:

answers:

Is stringing together multiple regular expressions with "or" safe?

related questions