nick evansApr 19, 2023
I wrote a simple thing to collect most of the regexps defined in a module, to test them with ruby 3.2's `Regexp.linear_time?`. This could be useful for finding and preventing ReDoS vulnerabilities. In addition to consts it finds hard-coded regexp literals in method defs, even when dynamically defined with eval.
https://github.com/ruby/net-imap/blob/master/test/net/imap/regexp_collector.rb
net-imap/regexp_collector.rb at master · ruby/net-imap

Ruby client api for Internet Message Access Protocol - net-imap/regexp_collector.rb at master · ruby/net-imap

GitHub
Show threadnick evans

But it looks like I'll need to invoke some black magic (e.g. using a C extension or fiddle) to get access to locals captured by a define_method block, e.g:

re = dynamically_generated_regexp
define_method(:bar) {|baz| foo.match? baz }

I'd hoped they'd be accessible like they are on Proc, via `method.binding` or `method.to_proc.binding`.

Apr 19, 2023 at 6:33pmWeb
Show threadnick evansApr 19, 2023
patterns searching for patterns