s/// doesn't support regex #166
Comments
|
AFAIK this was removed because of security vulnerabilities with allowing anyone to specify any regex. See #99. |
|
That seems correct. Abra rewrote it and it appears to no longer be vulnerable, so this can be fixed. |
|
I noticed that the bot doesn't support regex today and started tinkering with it before checking the issues. I've pushed my work adding regex back in to my fork. I've tested it against the malicious example in #99 and the examples in the article linked from there. It doesn't hang at all. Though, in the longer malicious examples from the article, it didn't replace, either. I suspect python's re package itself has been updated to sanitize that kind of input. |
linuxdaemon
pushed a commit
to linuxdaemon/CloudBot
that referenced
this issue
Sep 24, 2017
…anup Add check for joining user's nick in join mode hook
linuxdaemon
pushed a commit
to linuxdaemon/CloudBot
that referenced
this issue
Jan 31, 2018
…ache Add caching to herald.py
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
s/// doesn't support regex. It should.
Test:
(test(
s/($/)/
s/./
Expected output:
(test)
Actual output:
Bot doesn't seem to be triggered...
Did not find . in any recent messages.
The text was updated successfully, but these errors were encountered: