On Fri, 27 May 2011 10:38:17 -0400 Kris Deugau <kdeu...@vianet.ca> wrote:
> I have a couple of instances of [a-z]+ and similar; is that
> effectively as troublesome as .+ or .*?

It could be, depending on what else is in the regex. There's a fairly
nice Wikipedia article about evil regexes:

http://en.wikipedia.org/wiki/ReDoS#Evil_regexes

When I write SA rules, I never use the * or + operators. I always use
something like {0,40} or {1,40} just to be on the safe side. (That still
does not eliminate the possibility of exponential behaviour from bad
regexes, but it does offer some protection against bad behaviour from
unfortunate strings to be matched.)

Regards,

David.
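Added example (not part of the message above and not SpamAssassin code): a simplified step-counting backtracking matcher, which is a model and not Perl's regex engine, run on a constructed string of letters containing no "@". It compares [a-z]+@ with [a-z]{1,40}@, and shows that two adjacent capped quantifiers over the same class still multiply the work; the token format and all names are assumptions made for the illustration.

```python
# Added example: simplified backtracking model, not Perl's regex engine.
import string

LOWER = set(string.ascii_lowercase)
AT = ({"@"}, 1, 1)                      # the literal "@"

def search_steps(tokens, text):
    """Unanchored greedy search over (charset, min, max) tokens; max=None is unbounded.
    Returns (matched, steps); steps = characters consumed + match attempts."""
    steps = 0

    def match(ti, pos):
        nonlocal steps
        steps += 1
        if ti == len(tokens):
            return True
        chars, lo, hi = tokens[ti]
        room = len(text) - pos
        limit = room if hi is None else min(hi, room)
        n = 0
        while n < limit and text[pos + n] in chars:   # greedy consume
            n += 1
            steps += 1
        while n >= lo:                                 # give back one char at a time
            if match(ti + 1, pos + n):
                return True
            n -= 1
        return False

    for start in range(len(text) + 1):                 # retry from every offset
        if match(0, start):
            return True, steps
    return False, steps

UNBOUNDED = [(LOWER, 1, None), AT]              # [a-z]+@
BOUNDED = [(LOWER, 1, 40), AT]                  # [a-z]{1,40}@
STACKED = [(LOWER, 1, 40), (LOWER, 1, 40), AT]  # [a-z]{1,40}[a-z]{1,40}@

if __name__ == "__main__":
    hostile = "a" * 1000                        # constructed input: letters, no "@"
    for name, rule in (("[a-z]+@", UNBOUNDED), ("[a-z]{1,40}@", BOUNDED)):
        print(name, search_steps(rule, hostile))
    print("stacked", search_steps(STACKED, "a" * 200))
```

In this model the unbounded rule costs (n+1)^2 steps on n letters, while the capped rule grows linearly once n exceeds 40; the stacked rule stays bounded per offset but pays roughly 40 times more than the single capped quantifier.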