I have 2 different strings like
abs1.qwerty.com:1234
and
abs11qwerty.com:1234
After using such regex "(?=" + name + ").*?:(\\d+)", where name is a given string, I receive a wrong match, because it assumes they are the same. What can be a solution to such a problem?
You need to regex escape name - this is a classic injection attack.
If name has regex characters in it the engine will interpret them as part of the pattern, for example name = ".*" will likely match all names, allowing an attacker to extract data from the system.
Use something like the following:
// Pattern.quote (java.util.regex.Pattern) makes the engine match name literally
final String pattern = String.format("(?=%s).*?:(\\d+)", Pattern.quote(name));
In your example, if the pattern is abs1.qwerty.com the regex engine interprets this as:
So the pattern happily matches "abs11qwerty.com".
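The concatenated pattern and the quoted pattern, run side by side over the two strings from the question, as an added example (not code from the question or the answer). The class name HostPortLookup, the helper names, the use of find() and the third sample entry are assumptions made for illustration.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class HostPortLookup {
    // Constructed sample entries: the two strings from the question plus one more.
    static final List<String> ENTRIES = List.of(
            "abs1.qwerty.com:1234",
            "abs11qwerty.com:1234",
            "internal.example:8443");

    // Builds the lookup pattern; quote=false reproduces the question's concatenation.
    static Pattern build(String name, boolean quote) {
        String literal = quote ? Pattern.quote(name) : name;
        return Pattern.compile("(?=" + literal + ").*?:(\\d+)");
    }

    // Returns the captured port if the pattern built from name matches the entry.
    static Optional<String> port(String name, String entry, boolean quote) {
        Matcher m = build(name, quote).matcher(entry);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // "abs1.qwerty.com" is the name from the question, ".*" the one from the answer.
        for (String name : List.of("abs1.qwerty.com", ".*")) {
            for (String entry : ENTRIES) {
                System.out.printf("name=%-16s entry=%-22s unescaped=%-5s quoted=%s%n",
                        name, entry,
                        port(name, entry, false).orElse("-"),
                        port(name, entry, true).orElse("-"));
            }
        }
    }
}
```

With the unescaped pattern, abs1.qwerty.com returns a port for both abs entries and ".*" returns a port for every entry; with Pattern.quote, only the exact name abs1.qwerty.com matches its own entry and ".*" matches nothing.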