edtanous
commented
3 years ago https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35522
Performance is one concern, security and correctness are another. As part of this audit, it was found that most of the regexes we use were incorrect in some subtle way, or could be greatly simplified by either calling the libraries built-in string verification routines, or handling errors properly.
A good example of this is https://adtmag.com/Blogs/Dev-Watch/2016/07/stack-overflow-crash.aspx A pretty simple regex took down all of stack overflow for a significant amount of time.
bmcweb should be avoiding issues like these.
We have been using the regex for validating an input string.
This issue is opened to address Ed's concern over the usage of regex - Std::regex is slow, takes a lot of memory, and complicates things that should be simple. In most cases, there are much more performant alternatives that are more clear in code.