Posted on Oct 23, 2012 by Quick Bird
An interesting feature of Ruby is that certain regular expressions can modify and create new variables.
There are some restrictions, which mean it should rarely (never?) introduce a security risk.
"This assignment is implemented in the Ruby parser. The parser detects ‘regexp-literal =~ expression’ for the assignment. The regexp must be a literal without interpolation and placed at left hand side." - http://www.ruby-doc.org/core-1.9.3/Regexp.html
Example code:
somevar = 'before'
input = 'after'
if /(?<somevar>.*)/ =~ input
  match = true
end
puts somevar
Status: New
Labels:
Type-Defect
Priority-Medium
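The restrictions quoted in the report, as an added example that is not part of the original post: it shows which forms of `=~` overwrite a local variable, that a failed match resets the variable to nil, and a form that never touches locals. The method names and sample strings are constructed for illustration.

```ruby
# Constructed pattern used throughout: captures the part before '@' as `user`.

# Regexp literal on the left-hand side: the parser assigns the local `user`.
# On a failed match the variable is set to nil, so the old value is lost either way.
def literal_on_left(input)
  user = 'before'
  /(?<user>\w+)@/ =~ input
  user
end

# Same literal on the right-hand side: String#=~ runs, no assignment happens.
def literal_on_right(input)
  user = 'before'
  input =~ /(?<user>\w+)@/
  user
end

# Interpolation makes the regexp dynamic, so the parser does not assign.
def interpolated(input)
  user = 'before'
  sep = '@'
  /(?<user>\w+)#{sep}/ =~ input
  user
end

# A regexp held in a variable is not a literal at the match site: no assignment.
def regexp_in_variable(input)
  user = 'before'
  re = /(?<user>\w+)@/
  re =~ input
  user
end

# Reading captures from MatchData leaves existing locals untouched.
def explicit_matchdata(input)
  user = 'before'
  m = /(?<user>\w+)@/.match(input)
  [user, m && m[:user]]
end

sample = 'alice@example.test' # constructed input
p literal_on_left(sample), literal_on_left('no-at-sign'),
  literal_on_right(sample), interpolated(sample),
  regexp_in_variable(sample), explicit_matchdata(sample)
```

When reviewing code, the case to look for is the first one: a local that was set earlier in the method and shares its name with a capture group in a literal used with `=~`.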