The dangers of single line regular expressions

greg.molnar.io

The Neonify challenge on Hack The Box is a small Sinatra (a Ruby web framework) app that generates a glowing text of the submitted value:
Another application of Parse, don't validate. The vulnerability isn't really about the single-line regex, it's that the validation doesn't match the use. If the regex extracted (read: parsed) the valid bit with a group, then passed that through, it would be fine.
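As an added example (not code from the linked article, the challenge, or any commenter), this Ruby sketch contrasts validating with a line-anchored regex and then using the original input against anchoring on the whole string and against passing on only the captured group. The character class, helper names and sample inputs are assumptions constructed for illustration.

```ruby
# Added illustration. The pattern and helper names are assumptions,
# not the challenge's own code.

# In Ruby, ^ and $ anchor at every line boundary, so this pattern accepts
# any input in which at least one line is clean.
LINE_ANCHORED   = /^([0-9a-z ]+)$/i
# \A and \z anchor at the start and end of the whole string.
STRING_ANCHORED = /\A[0-9a-z ]+\z/i

# Validate, then use: the check passes, but the ORIGINAL string is handed on,
# including the lines the regex never looked at.
def validate_then_use(input)
  return nil unless input =~ LINE_ANCHORED
  input
end

# Stricter validation: the whole string has to match, newlines included.
def validate_whole_string(input)
  return nil unless input.match?(STRING_ANCHORED)
  input
end

# Parse, don't validate: only the text captured by the group is passed on,
# so what is used is exactly what was checked.
def parse_then_use(input)
  m = LINE_ANCHORED.match(input)
  m && m[1]
end

# Constructed sample inputs.
CLEAN     = "hello world"
MULTILINE = "hello\n<b>second line</b>"

if __FILE__ == $PROGRAM_NAME
  [CLEAN, MULTILINE].each do |s|
    puts "input:                 #{s.inspect}"
    puts "validate_then_use:     #{validate_then_use(s).inspect}"
    puts "validate_whole_string: #{validate_whole_string(s).inspect}"
    puts "parse_then_use:        #{parse_then_use(s).inspect}"
  end
end
```

Note that `\Z` (capital) still tolerates one trailing newline; `\z` does not.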
Holy cow! What an absolute slog of a read. I'm not an AI model, but I'll do my best to summarize that link:
There. Hopefully someone out there learned something cool without having to read a 25-minute striptease before the author rushes through their main idea in the span of two bullet points found in the final 25% of the article.
I think your summary is less useful than reading the whole article. Teaching well involves more than just stating a refined idea.
I also think the ideas in the article are worth the 25 minutes.