Closed k-wall closed 1 month ago
It is probably best to compile the expressions individually, and test the input against each pattern individually. Or, assemble a regex after you've validated that each part is a syntactically valid regex in some safe manner that respects RE precedence rules.. something like (pat1)|(pat2)...
. We'd need tests to ensure that anchors work properly.
The intent is the regular expressions are joined with a logic OR.
https://github.com/strimzi/metrics-reporter/blob/46db47fbe14950fe475ee4b59cc6519da69a0d60/src/main/java/io/strimzi/kafka/metrics/PrometheusMetricsReporterConfig.java#L59
However the approach is weak. The results of the match could be wrong, or regular expression parsing errors might be misleading.
For instance input like
hell[o,s]world
would lead to a valid regexhell[o|s]world
but with the pipe being interpreted literally rather than a logicor
(which would match literalhell|world
). The correct behaviour would be to be told thathell[o
is not a valid regex.Another example would be
hello\\,world
which would lead to an escaped pipe.