[Python-ideas] Updated PEP 428 (pathlib)
MRAB
python at mrabarnett.plus.com
Wed Mar 6 18:51:33 CET 2013
On 2013-03-06 17:08, Charles-François Natali wrote:
>>>>> fnmatch.fnmatch('a'*50, '*a*'*50) # weird how the pattern/string order is reversed from re.match
>>
>> That will take about 200 years to complete with CPython. Maybe a
>> little less, if you're running a particularly fast computer. ;)
>>
>> Is that the sort of DoS issue you are looking for?
>
> Exactly (the complexity of a typical ad-hoc fnmatch() implementation
> is the reason some servers like vsftpd use their own version, and it's
> even worse with a regex-based implementation as you notice).
>
> Now, the question is whether we want to try to mitigate this or not...
>
It's not something I've ever used, but it doesn't look that difficult
compared to regex if all it has is "*", "?", "[...]" and "[!...]".
More information about the Python-ideas
mailing list