On 07 Jul 2020, at 07:16, Henrik K <h...@hege.li> wrote:
> On Tue, Jul 07, 2020 at 11:41:01AM +0000, Pedro David Marco wrote:
>>
>>> On Tuesday, July 7, 2020, 01:05:36 PM GMT+2, Henrik K <h...@hege.li> wrote:
>>
>>> What exactly do you mean by checking multiple regex on the "same" URL? Give
>>> an example. Most likely it's already possible without any changes.
>>
>> for example.. checking if an URL matches Regex1 BUT does NOT match
>> Regex2
>> can be done with lookahead/behind but is cpu-expensive and may be too
>> complex
>> to maintain...
>
> Why would lookahead be expensive? It's normal regex. It's probably more
> expensive to run two separate regexes.

Is the ReDoS attack relevant here?

<https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS>

"The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time."

-- 
Once upon a time, a woman was picking up firewood. She came upon a poisonous snake frozen in the snow. She took the snake home and nursed it back to health. One day the snake bit her on the cheek. As she lay dying, she asked the snake, "Why have you done this to me?" And the snake answered, "Look, bitch, you knew I was a snake."
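
An added example, not part of the original message or of SpamAssassin: it expresses "matches Regex1 but not Regex2" both as two separate regexes and as one negative lookahead, then times a nested-quantifier pattern against a non-nested equivalent on near-miss input, the kind of check a rule author can run before deploying a URL rule. All patterns, URLs and function names are constructed for illustration, and Python's `re` stands in for the Perl engine the thread is about.

```python
import re
import time

# Constructed stand-ins for "Regex1" and "Regex2" from the thread.
REGEX1 = re.compile(r"^https?://[^/]*example\.test/")   # URL must match this
REGEX2 = re.compile(r"/static/")                         # ...and must not match this
# The same condition as a single pattern with a negative lookahead.
COMBINED = re.compile(r"^(?!.*/static/)https?://[^/]*example\.test/")

SAMPLE_URLS = [  # constructed
    "http://www.example.test/login",
    "https://example.test/static/logo.png",
    "https://other.test/login",
]

def hits_two_pass(url):
    return bool(REGEX1.search(url)) and not REGEX2.search(url)

def hits_lookahead(url):
    return bool(COMBINED.search(url))

# Nested repetition is what backtracks exponentially on input that almost matches.
NESTED = re.compile(r"^(a+)+$")
FLAT = re.compile(r"^a+$")      # accepts the same strings, no nesting

def match_seconds(pattern, text):
    start = time.perf_counter()
    pattern.search(text)
    return time.perf_counter() - start

def growth(pattern, sizes=(10, 15, 20)):
    """Seconds to reject 'a' * n + '!' for each n."""
    return [match_seconds(pattern, "a" * n + "!") for n in sizes]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, hits_two_pass(url), hits_lookahead(url))
    print("nested:", ["%.5f" % s for s in growth(NESTED)])
    print("flat:  ", ["%.5f" % s for s in growth(FLAT)])
```

Both styles give the same verdicts on the sample URLs; the slowdown appears only with the nested pattern, whose rejection time climbs steeply with input length while the flat one stays negligible.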