Dan LuuJan 24, 2024

This discussion on the GitHub bug that let you make a "GitHub.com signed" commit as anybody (which is tagged as "Verified") makes me wonder if I'm missing something about parsers vs. regexes.

I'm not an expert (I've written maybe ~10 parsers on my life) but, in my mind, parsers seem easier to test and verify.

Many people seem to think that a parser would've had the exact same bug, but I would expect that a parser with the exact same bug would error out when it encountered an unexpected field.

Show threadteduJan 24, 2024

@danluu I think this is an odd case, because the data being parsed isn't really structured. it's crawling through free form text looking for certain patterns, which is a thing regex are good at. but you certainly could apply a parser to the lines.

ime the big difference is regex matching is likely to use .* and match empty when .+ is intended. nobody writing a lexer/parser will return empty string tokens by accident.

Show threadsasuke___420
@tedu @danluu This is a funny example because it is the opposite of what happened in this case. The author of the regex rejected empty author names but needed to accept them.
Jan 25, 2024 at 3:27pmWeb