Skip to content

PB-2205: using re.fullmatch() instead if re.match()#74

Merged
hansmannj merged 1 commit intodevelopfrom
fix_PB-2205_using_fullmatch_as_fallback
Feb 10, 2026
Merged

PB-2205: using re.fullmatch() instead if re.match()#74
hansmannj merged 1 commit intodevelopfrom
fix_PB-2205_using_fullmatch_as_fallback

Conversation

@hansmannj
Copy link
Member

@hansmannj hansmannj commented Feb 10, 2026
edited
Loading

Using fullmatch() instead of match() only makes the service safer. This way, even if the regex is not anchored, map.geo.admin.ch.evil.com bypass trick will still be detected by the fullmatch and blocked. Otherwise the regex needs to be anchored.
Now we have both: fullmatch plus an anchored regex

@github-actions github-actions bot added the bug label Feb 10, 2026
@hansmannj hansmannj requested a review from ltshb February 10, 2026 11:57
@hansmannj hansmannj force-pushed the fix_PB-2205_using_fullmatch_as_fallback branch from 5e8ab8f to 96a6c56 Compare February 10, 2026 12:33
@hansmannj
PB-2205: using re.fullmatch() instead if re.match()
8492dae 
Using fullmatch() instead of match() only makes the service safer.
This way, even if the regex is not anchored, map.geo.admin.ch.evil.com
bypass trick will still be detected by the fullmatch and blocked.
Otherwise the regex needs to be anchored.
@hansmannj hansmannj force-pushed the fix_PB-2205_using_fullmatch_as_fallback branch from 96a6c56 to 8492dae Compare February 10, 2026 12:34
@hansmannj hansmannj merged commit 8e9e611 into develop Feb 10, 2026
3 checks passed
@hansmannj hansmannj deleted the fix_PB-2205_using_fullmatch_as_fallback branch February 10, 2026 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ltshb ltshb ltshb approved these changes

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hansmannj @ltshb