TECH |
Techable |
Idemitsu Kosan and Bridgestone fit EVs with tires that use "airless tire technology"; trials aimed at practical use |
https://techable.jp/archives/197435
|
Idemitsu Kosan |
2023-02-26 04:00:14 |
python |
New posts tagged Python - Qiita |
Django startup (from app creation to database creation) |
https://qiita.com/Kate941-su/items/05e0cc13eeebf608c77b
|
installed |
2023-02-26 13:48:38 |
python |
New posts tagged Python - Qiita |
Django startup (project creation) |
https://qiita.com/Kate941-su/items/46661baf7546f3be70e8
|
djangoadminstartproject |
2023-02-26 13:31:24 |
AWS |
New posts tagged AWS - Qiita |
Launching the network analysis tool Batfish on AWS |
https://qiita.com/Trick_Trick/items/32e7d97eb8aa19322b6d
|
batfish |
2023-02-26 13:17:45 |
Docker |
New posts tagged docker - Qiita |
Docker command review |
https://qiita.com/ryskBonn92/items/05c330a890e050697e41
|
dockerstartim |
2023-02-26 13:40:51 |
Docker |
New posts tagged docker - Qiita |
Raspberry Pi 4 initial setup + Docker installation |
https://qiita.com/yukad2/items/43a33229839bece39992
|
docker |
2023-02-26 13:33:38 |
golang |
New posts tagged Go - Qiita |
I made a CLI tool for generating test data |
https://qiita.com/o-ga/items/6abb7081d470926cb128
|
Add |
2023-02-26 13:42:28 |
Overseas TECH |
DEV Community |
Why you shouldn't use slow regular expressions |
https://dev.to/leduc1901/why-you-shouldnt-use-slow-regular-expressions-2bnc
|
Why you shouldn't use slow regular expressions
Introduction: Most of the regular expression engines use backtracking to try all possible execution paths of the regular expression when evaluating an input; in some cases it can cause performance issues, called catastrophic backtracking situations. In the worst case, the complexity of the regular expression is exponential in the size of the input; this means that a small, carefully crafted input (like chars) can trigger catastrophic backtracking and cause a denial of service of the application. Super-linear regex complexity can lead to the same impact too, with, in this case, a large, carefully crafted input (thousands chars).
Why it happens
Ask Yourself Whether: The input is user controlled. The input size is not restricted to a small number of characters. There is no timeout in place to limit the regex evaluation time. There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices: To avoid catastrophic backtracking situations, make sure that none of the following conditions apply to your regular expression. In all of the following cases, catastrophic backtracking can only happen if the problematic part of the regex is followed by a pattern that can fail, causing the backtracking to actually happen. If you have a repetition r or r such that the regex r could produce different possible matches (of possibly different lengths) on the same input, the worst case matching time can be exponential. This can be the case if r contains optional parts, alternations or additional repetitions (but not if the repetition is written in such a way that there's only one way to match it). If you have multiple repetitions that can match the same contents and are consecutive or are only separated by an optional separator or a separator that can be matched by both of the repetitions, the worst case matching time can be polynomial (O(n^c) where c is the number of problematic repetitions). For example, a b is not a problem because a and b match different things, and a a is not a problem because the repetitions are separated by a and can't match that. However, a a and have quadratic runtime. If the regex is not anchored to the beginning of the string, quadratic runtime is especially hard to avoid because whenever a match fails, the regex engine will try again starting at the next index. This means that any unbounded repetition, if it's followed by a pattern that can fail, can cause quadratic runtime on some inputs. For example, str split s will run in quadratic time on strings that consist entirely of spaces (or at least contain large sequences of spaces, not followed by a comma).
In order to rewrite your regular expression without these patterns, consider the following strategies: If applicable, define a maximum number of expected repetitions using the bounded quantifiers, like instead of for instance. Refactor nested quantifiers to limit the number of ways the inner group can be matched by the outer quantifier; for instance, this nested quantifier situation ba doesn't cause performance issues; indeed, the inner group can be matched only if there exists exactly one b char per repetition of the group. Optimize regular expressions by emulating possessive quantifiers and atomic grouping. Use negated character classes instead of to exclude separators where applicable. For example, the quadratic regex can be made linear by changing it to.
Sometimes it's not possible to rewrite the regex to be linear while still matching what you want it to match, especially when the regex is not anchored to the beginning of the string, for which it is quite hard to avoid quadratic runtimes. In those cases, consider the following approaches: Solve the problem without regular expressions. Use an alternative, non-backtracking regex implementation such as Google's RE or node re. Use multiple passes. This could mean pre- and/or post-processing the string manually before/after applying the regular expression to it, or using multiple regular expressions. One example of this would be to replace str split s s with str split and then trimming the spaces from the strings as a second step. It is often possible to make the regex infallible by making all the parts that could fail optional, which will prevent backtracking. Of course, this means that you'll accept more strings than intended, but this can be handled by using capturing groups to check whether the optional parts were matched or not and then ignoring the match if they weren't. For example, the regex x y could be replaced with x y, and then the call to str match regex could be replaced with matched str match regex and matched undefined.
Sensitive Code Example: The regex evaluation will never end: a test aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaa Sensitive
Compliant Solution: Possessive quantifiers do not keep backtracking positions, thus can be used, if possible, to avoid performance issues. Unfortunately, they are not supported in JavaScript, but one can still mimic them using lookahead assertions and backreferences: a test aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaa Compliant
References: OWASP Top Category A - Injection; MITRE CWE - Uncontrolled Resource Consumption; MITRE CWE - Inefficient Regular Expression Complexity; owasp.org - OWASP Regular expression Denial of Service - ReDoS; stackstatus.net (archived) - Outage Postmortem - July; regular-expressions.info - Runaway Regular Expressions: Catastrophic Backtracking; docs.microsoft.com - Backtracking with Nested Optional Quantifiers |
2023-02-26 04:41:22 |
News |
@Nihon Keizai Shimbun, digital edition |
The shift in conditions that "historic gold buying" signals
https://t.co/VQogTfSRrc |
https://twitter.com/nikkei/statuses/1629703529354100736
|
Buying |
2023-02-26 04:42:54 |
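News |
@Nihon Keizai Shimbun, digital edition |
Ino Tadataka: the exceptional business talent that supported his work; assets grew 20-fold before retirement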
https://t.co/cmFX4FBdSB |
https://twitter.com/nikkei/statuses/1629697015541276672
|
Ino Tadataka |
2023-02-26 04:17:01 |
Overseas news |
Japan Times latest articles |
Macron to visit China as he urges Beijing to push Moscow to end war |
https://www.japantimes.co.jp/news/2023/02/26/world/politics-diplomacy-world/macron-china-visit/
|
Macron to visit China as he urges Beijing to push Moscow to end war. The French president said Saturday he would visit China in early April and urged Beijing to help put pressure on Russia to end the war. |
2023-02-26 13:24:40 |
Overseas news |
Japan Times latest articles |
Wales come up short against England after ‘harrowing’ week |
https://www.japantimes.co.jp/sports/2023/02/26/rugby/wales-england-six-nations/
|
Wales come up short against England after 'harrowing' week. Saturday's Six Nations fixture in Cardiff came after a tense standoff between Wales players and the country's rugby union that nearly resulted in a strike. |
2023-02-26 13:42:17 |
Overseas news |
Japan Times latest articles |
Nobuhiro Tamura: ‘Those who need spirituality will find it themselves’ |
https://www.japantimes.co.jp/life/2023/02/26/people/nobuhiro-tamura-need-spirituality-will-find/
|
Nobuhiro Tamura: 'Those who need spirituality will find it themselves'. A fan of s hip hop and electronic music, former Buddhist monk Nobuhiro Tamura has opened a bar on Mount Koya to talk to people about |
2023-02-26 13:30:12 |
Overseas news |
Japan Times latest articles |
French documentary, Spanish girl clinch top prizes at Berlinale |
https://www.japantimes.co.jp/culture/2023/02/26/entertainment-news/french-documentary-spanish-girl-clinch-top-prizes-berlinale/
|
awards |
2023-02-26 13:20:13 |
News |
BBC News - Home |
Dan Walker on bike accident: 'My whole body aches' |
https://www.bbc.co.uk/news/uk-64774977?at_medium=RSS&at_campaign=KARANGA
|
presenter |
2023-02-26 04:42:23 |
News |
BBC News - Home |
California storm wreaks havoc as snow hits LA |
https://www.bbc.co.uk/news/world-us-canada-64774725?at_medium=RSS&at_campaign=KARANGA
|
california |
2023-02-26 04:24:00 |
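Business |
President Online |
Why are Japanese people drawn to the "Nordic" countries? The "unexpected common ground" seen by a 33-year-old woman who moved to Finland - A friend's remark that made sense: "We are blue-eyed Japanese" |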
https://president.jp/articles/-/66615
|
Weekend |
2023-02-26 14:00:00 |