Re: perl: unsafe empty pattern behavior

On 2024-03-12 Tu 18:59, Tom Lane wrote:
> Jeff Davis <pgsql@j-davis.com> writes:
>> On Tue, 2024-03-12 at 18:53 +0100, Alvaro Herrera wrote:
>>> I also tried grepping (for things
>>> like qr{}, qr[], qr||, qr!!) and didn't find anything beyond what you
>>> have ... but I only looked for the "qr" literal, not other ways to
>>> get regexes.
>> I think that's fine. qr// seems the most dangerous, because it seems to
>> behave differently in different versions of perl.
> I wonder whether perlcritic has sufficiently deep understanding of
> Perl code that it could find these hazards.  I already checked,
> and found that there's no built-in filter for this (at least not
> in the perlcritic version I have), but maybe we could write one?
> The rules seem to be plug-in modules, so you can make your own
> in principle.



Yeah, that was my thought too. I'd start with ProhibitComplexRegexes.pm 
as a template.

If nobody else does it I'll have a go, but it might take a while.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com