Re: regular expressions tainting?

< ^ > P N |<>|^_>< --- | ~ ...Help
Hi,

At Thu, 12 Oct 2006 07:36:06 +0900,
Hadmut Danisch wrote in [ruby-core:09152]:
> I am writing a ruby skript running under libapache-ruby, with $SAFE >
> 0 (2 I guess).
>
> I have a construct like
>
>   $stderr.puts "Tainted #{param.tainted?}"
>   case param
>     # Addressrange
>     when /^([\da-f\.:]+)\s*-\s*([\da-f\.:]+)$/i
>       v,b=$1,$2
>       $stderr.puts "Tainted #{param.tainted?} #{v.tainted?} #{b.tainted?}"
>
>
> where param is untainted. This piece of code outputs
>
> Tainted false
> Tainted false true true

I can't reproduce your result with your code.

It must occur iff the regexp is tainted, and it would be possibly
caused because it was created when $SAFE >= 3 or created from a string
read from outside.

-- 
Nobu Nakada