s/// doesn't support regex

CloudBotIRC / CloudBot

CloudBot - The simple, fast, expandable, open-source Python IRC Bot!

GNU General Public License v3.0

273 stars 249 forks source link

s/// doesn't support regex #166

Open lf- opened 9 years ago

lf- commented 9 years ago

s/// doesn't support regex. It should.

Test:

(test( s/($/)/ s/./ ## Expected output: (test) ## Actual output: _Bot doesn't seem to be triggered..._ Did not find . in any recent messages.

daboross commented 9 years ago

AFAIK this was removed because of security vulnerabilities with allowing anyone to specify any regex. See https://github.com/CloudBotIRC/CloudBot/issues/99.

lf- commented 9 years ago

That seems correct. Abra rewrote it and it appears to no longer be vulnerable, so this can be fixed.

lethargilistic commented 9 years ago

I noticed that the bot doesn't support regex today and started tinkering with it before checking the issues. I've pushed my work adding regex back in to my fork.

I've tested it against the malicious example in #99 and the examples in the article linked from there. It doesn't hang at all. Though, in the longer malicious examples from the article, it didn't replace, either. I suspect python's re package itself has been updated to sanitize that kind of input.