On Apr 5, 11:57 am, Peter Makholm <pe...@makholm.net> wrote:
> For a project I have to implement lookup using NAPTR records from
> DNS. Basically they consist of a substitution using POSIX ERE
> syntax. (See RFC 3403).
>
> Parsing the regexp to perl with minor corrections would probably solve
> my problem in most of the well behaved cases. But what about the not
> so well behaved cases?
>
> Is there an easy way to sanitize a regular expression such that it
> is safe to run? Or should I write a full translation from ERE to perl?
>
> Searching CPAN doesn't give me anything useful.
>
> Any other ideas?
>
> //Makholm
Easy way? I doubt it. Perl regexp has too many special constructs and
multiple uses of characters to be very easy. I would treat it like a
taint check on a web form: only allow what you know to be safe and deny
anything else. Then do a non-interpolating substitution to prevent
leaking any information. So maybe convert /LHS/RHS/ to s'LHS'RHS'
where you have checked for legal characters and sequences in LHS and RHS
and translated any differing POSIX-ish into Perl-ish.
Somebody must have made a comprehensive set of test cases for this spec
as part of reviewing it. Find that.
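
One way to implement the allow-list approach suggested above, as an added example that is not code from either poster. The function names, the two allow-lists, the 128-character cap and the refusal of escaped delimiters are assumptions of this sketch; instead of s'LHS'RHS' it compiles the vetted pattern with qr// and expands \1..\9 by hand, so the replacement is never evaluated as Perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-lists (assumptions of this example, deliberately narrow).
my $ERE_OK  = qr/\A(?:[A-Za-z0-9^\$.*+?()|\[\]{},:_ -]|\\[[:punct:]])+\z/;
my $REPL_OK = qr{\A(?:[A-Za-z0-9:/\@.+;=?&%_~-]|\\[1-9])*\z};

# Split "delim ERE delim REPL delim FLAGS" (RFC 3403) and vet each part.
# Returns (ere, repl, flags), or an empty list if anything is not allow-listed.
sub parse_naptr_regexp {
    my ($field) = @_;
    return unless defined $field && length $field;
    my $d = substr $field, 0, 1;
    return if $d =~ /\A[1-9i\\]\z/;            # RFC bars 1-9 and "i"; "\" barred here too
    my @p = split /\Q$d\E/, $field, -1;
    return unless @p == 4 && $p[0] eq '';      # escaped delimiters are not supported
    my ($ere, $repl, $flags) = @p[1 .. 3];
    return unless $flags eq '' || $flags eq 'i';
    return unless length($ere) <= 128 && $ere =~ $ERE_OK;
    return if $ere =~ /\(\?/;                  # "(?" starts Perl-only constructs
    return unless $repl =~ $REPL_OK;
    return ($ere, $repl, $flags);
}

# Apply a vetted field to $input; returns the rewritten string or undef.
sub apply_naptr {
    my ($field, $input) = @_;
    my ($ere, $repl, $flags) = parse_naptr_regexp($field) or return;
    my $re = eval { $flags eq 'i' ? qr/$ere/i : qr/$ere/ } or return;
    return unless $input =~ $re;
    my ($s, $e) = ($-[0], $+[0]);              # save offsets before the next match
    my @g = map { defined $-[$_] ? substr($input, $-[$_], $+[$_] - $-[$_]) : '' }
            1 .. $#+;
    # Expand \1..\9 by hand: REPL is data and is never evaluated as Perl.
    (my $out = $repl) =~ s{\\([1-9])}{ $g[$1 - 1] // '' }ge;
    return substr($input, 0, $s) . $out . substr($input, $e);
}

# Constructed sample fields (not from the original post).
for my $f ('!^\+45(.*)$!sip:\1@example.com!', '!^(?{ die })$!x!', '/^.*$/$ENV{HOME}/') {
    my $r = apply_naptr($f, '+4512345678');
    printf "%-36s => %s\n", $f, defined $r ? $r : 'REJECTED';
}
```

Rejecting every "(?" also refuses the legal ERE `\(?` (an optional literal parenthesis); the check fails closed rather than trying to tell the two apart.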