[英]regex matches wrong expressions
I have 2 different strings like 我有2种不同的字符串
abs1.qwerty.com:1234
and 和
abs11qwerty.com:1234
After using such regex "(?=" + name + ").*?:(\\\\d+)"
, where name is a given string. 使用此类正则表达式
"(?=" + name + ").*?:(\\\\d+)"
,其中name是给定的字符串。 I receive wrong match, because it assumes they are the same. 我收到错误的匹配,因为它假定它们是相同的。 What can be a solution to such problem?
有什么办法可以解决这种问题?
You need to regex escape name
- this is classic injection attack . 您需要使用正则表达式转义
name
-这是经典的注入攻击 。
If name
has regex characters in it the engine will interpret them them as part of the pattern, for example 如果
name
包含正则表达式字符,则引擎会将它们解释为模式的一部分,例如
name = ".*"
will likely match all names, allowing an attacker to extract data from the system. 可能会匹配所有名称,从而使攻击者可以从系统中提取数据。
Use something like the following: 使用如下所示的内容:
final String pattern = String.format("(?=%s).*?:(\\d+)", Pattern.quote(name))
In your example, if the pattern is abs1.qwerty.com
the regex engine interprets this is: 在您的示例中,如果模式为
abs1.qwerty.com
,则正则表达式引擎将其解释为:
So the pattern happily matches "abs11qwerty.com". 因此,模式愉快地匹配了“ abs11qwerty.com”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.