
regex matches wrong expressions

I have 2 different strings like

abs1.qwerty.com:1234

and

abs11qwerty.com:1234

After using such regex "(?=" + name + ").*?:(\\\\d+)" , where name is a given string. I receive wrong match, because it assumes they are the same. What can be a solution to such problem?

You need to regex-escape name - this is a classic injection attack.

If name has regex characters in it, the engine will interpret them as part of the pattern, for example

name = ".*"

will likely match all names, allowing an attacker to extract data from the system.

Use something like the following:

final String pattern = String.format("(?=%s).*?:(\\d+)", Pattern.quote(name));

In your example, if the pattern is abs1.qwerty.com the regex engine interprets it as:

  • "abs1" - literal
  • "." - any character, once
  • "qwerty" - literal
  • "." - any character, once
  • "com" - literal

So the pattern happily matches "abs11qwerty.com".
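The following added example (not code from the question or the answer above) puts the unescaped and the Pattern.quote versions side by side so the difference can be seen on the two inputs from the question. The class name HostPortMatch and the method names are assumptions; the third name value "abs1(" is a constructed input chosen to show that unescaped user input can also make Pattern.compile throw.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class HostPortMatch {

    // Recommended form: Pattern.quote wraps the caller-supplied name in \Q...\E,
    // so "." and "*" in the name are matched literally.
    static Pattern safePattern(String name) {
        return Pattern.compile(String.format("(?=%s).*?:(\\d+)", Pattern.quote(name)));
    }

    // The construction from the question, kept only for comparison: the name is
    // spliced straight into the regex and its metacharacters keep their meaning.
    static Pattern unsafePattern(String name) {
        return Pattern.compile("(?=" + name + ").*?:(\\d+)");
    }

    // Returns the captured port, or null when the input does not match.
    static String port(Pattern p, String input) {
        Matcher m = p.matcher(input);
        return m.find() ? m.group(1) : null;
    }

    // Helper used only for the comparison: builds the unescaped pattern and reports
    // a compile failure instead of propagating it.
    static String unsafePortOrError(String name, String input) {
        try {
            return port(unsafePattern(name), input);
        } catch (PatternSyntaxException e) {
            return "PatternSyntaxException";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first two are the strings from the question.
        String[] inputs = { "abs1.qwerty.com:1234", "abs11qwerty.com:1234", "other.example:9999" };
        // Constructed name values: the question's name, an "anything" pattern, and an unbalanced one.
        String[] names = { "abs1.qwerty.com", ".*", "abs1(" };

        for (String name : names) {
            System.out.println("name = \"" + name + "\"");
            for (String in : inputs) {
                System.out.printf("  %-22s unescaped -> %-22s quoted -> %s%n",
                        in, unsafePortOrError(name, in), port(safePattern(name), in));
            }
        }
    }
}
```

With name "abs1.qwerty.com", the unescaped pattern returns 1234 for both "abs1.qwerty.com:1234" and "abs11qwerty.com:1234", while the quoted pattern returns 1234 only for the first. With name ".*", the unescaped pattern returns a port for every input and the quoted pattern for none, since it now looks for the literal text ".*". With name "abs1(", the unescaped pattern does not even compile, whereas the quoted one compiles and simply matches nothing.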

