https://blog.zrj.me/tags/%E6%AD%A3%E5%88%99%E8%A1%A8%E8%BE%BE%E5%BC%8F/ Recent content in 正则表达式 on ZRJ | 学习笔记 Hugo -- gohugo.io zh-CN Sun, 25 Nov 2012 22:51:45 +0800 https://blog.zrj.me/posts/2012-11-25-%E4%BD%BF%E7%94%A8%E6%AD%A3%E5%88%99%E6%8F%90%E5%8F%96%E5%92%8C%E6%9B%BF%E6%8D%A2%E5%BE%AE%E5%8D%9A%E6%AD%A3%E6%96%87%E4%B8%AD%E7%9A%84%E6%8F%90%E5%8F%8A/ Sun, 25 Nov 2012 22:51:45 +0800 https://blog.zrj.me/posts/2012-11-25-%E4%BD%BF%E7%94%A8%E6%AD%A3%E5%88%99%E6%8F%90%E5%8F%96%E5%92%8C%E6%9B%BF%E6%8D%A2%E5%BE%AE%E5%8D%9A%E6%AD%A3%E6%96%87%E4%B8%AD%E7%9A%84%E6%8F%90%E5%8F%8A/ <p>这段时间在折腾一个的 mini 型微博，晚上遇到一个问题就是要把微博和评论正文中的 @ 提及他人转换成链接，在网络上拼拼凑凑，也算弄出来了</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-php" data-lang="php"><span class="line"><span class="cl"><span class="cm">/* </span></span></span><span class="line"><span class="cl"><span class="cm"> * 显示带有 @ 提及他人的微博正文 </span></span></span><span class="line"><span class="cl"><span class="cm"> */</span> </span></span><span class="line"><span class="cl"><span class="k">function</span> <span class="nf">tweet_echo</span><span class="p">(</span><span class="nv">$content</span><span class="p">)</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nv">$content</span> <span class="o">=</span> <span class="nx">htmlspecialchars</span><span class="p">(</span><span class="nv">$content</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="nv">$pattern</span> <span class="o">=</span> <span class="s1">&#39;/@([x{4e00}-x{9fa5}A-Za-z0-9]*)/u&#39;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="nv">$replacement</span> <span class="o">=</span> <span class="s1">&#39;&lt;a href=&#34;user.php?name=\1&#34;&gt;@\1&lt;/a&gt;&#39;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="nv">$content</span> <span class="o">=</span> <span class="nx">preg_replace</span><span class="p">(</span><span class="nv">$pattern</span><span class="p">,</span> <span class="nv">$replacement</span><span class="p">,</span> <span class="nv">$content</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="k">echo</span> <span class="nv">$content</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="nx">var_dump</span><span class="p">(</span><span class="nv">$content</span><span class="p">);</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nx">tweet_echo</span><span class="p">(</span><span class="s1">&#39;&lt;style&gt;color:red;&lt;/style&gt;测试@第一个人 @第二个人@没有空格@ @没有人名&#39;</span><span class="p">);</span> </span></span></code></pre></div><p>输出</p> <pre tabindex="0"><code>&lt;style&gt;color:red;&lt;/style&gt;测试@第一个人 @第二个人@没有空格@ @没有人名 string &#39;&amp;lt;style&amp;gt;color:red;&amp;lt;/style&amp;gt;测试&lt;a href=&#34;user.php?name=第一个人&#34;&gt;@第一个人&lt;/a&gt; &lt;a href=&#34;user.php?name=第二个人&#34;&gt;@第二个人&lt;/a&gt;&lt;a href=&#34;user.php?name=没有空格&#34;&gt;@没有空格&lt;/a&gt;&lt;a href=&#34;user.php?name=&#34;&gt;@&lt;/a&gt; &lt;a href=&#34;user.php?name=没有人名&#34;&gt;@没有人名&lt;/a&gt;&#39; (length=291) </code></pre> https://blog.zrj.me/posts/2012-10-14-%E9%92%88%E5%AF%B9%E6%AD%A3%E5%88%99%E5%BC%95%E6%93%8E%E7%9A%84%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1%E6%94%BB%E5%87%BB/ Sun, 14 Oct 2012 15:50:46 +0800 https://blog.zrj.me/posts/2012-10-14-%E9%92%88%E5%AF%B9%E6%AD%A3%E5%88%99%E5%BC%95%E6%93%8E%E7%9A%84%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1%E6%94%BB%E5%87%BB/ <p>最近在看这个书，<a class="link" href="http://book.douban.com/subject/10546925/" title="http://book.douban.com/subject/10546925/" target="_blank" rel="noopener" >http://book.douban.com/subject/10546925/</a>，在 311 页讲到了一个针对正则引擎的 DoS，叫做 ReDoS，wiki 看这里，<a class="link" href="http://en.wikipedia.org/wiki/ReDoS" title="http://en.wikipedia.org/wiki/ReDoS" target="_blank" rel="noopener" >http://en.wikipedia.org/wiki/ReDoS</a>，原因是正则引擎在匹配的时候是用状态机，然而通过构造一些特殊的输入，可以让这个状态机需要尝试的路径暴涨，于是就耗时也跟着上升，照着书上敲了代码如下，不得不说 python 在这种时候真是不二选择啊</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="ch">#!/usr/bin/env python</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># retime.py - Python test program for regular expression DoS attacks</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># paramemers</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># regex: the expression to be tested</span> </span></span><span class="line"><span class="cl"><span class="c1"># maketeststring: a function which generates a test string from a</span> </span></span><span class="line"><span class="cl"><span class="c1"># length patameter</span> </span></span><span class="line"><span class="cl"><span class="c1"># maxiter: maximum number of test iterations to be performed</span> </span></span><span class="line"><span class="cl"><span class="c1"># maxtime: maximum execution time in seconds for one iteration</span> </span></span><span class="line"><span class="cl"><span class="c1"># before the test program is terminated</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">regex</span> <span class="o">=</span> <span class="sa">r</span><span class="s2">&#34;^(a+)+$&#34;</span> </span></span><span class="line"><span class="cl"><span class="n">maketeststring</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">n</span> <span class="p">:</span> <span class="s2">&#34;a&#34;</span> <span class="o">*</span> <span class="n">n</span> <span class="o">+</span> <span class="s2">&#34;!&#34;</span> </span></span><span class="line"><span class="cl"><span class="n">maxiter</span> <span class="o">=</span> <span class="mi">50</span> </span></span><span class="line"><span class="cl"><span class="n">maxtime</span> <span class="o">=</span> <span class="mi">2</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># modules used by this program</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">re</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">time</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">sys</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># main function</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">main</span><span class="p">():</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Python Regular Expression DoS demo&#34;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Platform: </span><span class="si">%s</span><span class="s2"> </span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> <span class="p">(</span><span class="n">sys</span><span class="o">.</span><span class="n">platform</span><span class="p">,</span> <span class="n">sys</span><span class="o">.</span><span class="n">version</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Regular expression: </span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> <span class="p">(</span><span class="n">regex</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Typical test string: </span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> <span class="p">(</span><span class="n">maketeststring</span><span class="p">(</span><span class="mi">10</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Max iterations: </span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> <span class="p">(</span><span class="n">maxiter</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;Max match time: </span><span class="si">%s</span><span class="s2"> sec</span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> <span class="p">(</span><span class="n">maxtime</span><span class="p">,</span> <span class="s2">&#34;s&#34;</span> <span class="k">if</span> <span class="n">maxtime</span><span class="o">!=</span><span class="mi">1</span> <span class="k">else</span> <span class="s2">&#34;&#34;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="n">cregex</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="n">regex</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">xrange</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="n">maxiter</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">time</span> <span class="o">=</span> <span class="n">runtest</span><span class="p">(</span><span class="n">cregex</span><span class="p">,</span> <span class="n">i</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">time</span> <span class="o">&gt;</span> <span class="n">maxtime</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">break</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># run one test</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">runtest</span><span class="p">(</span><span class="n">regex</span><span class="p">,</span> <span class="n">n</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">teststr</span> <span class="o">=</span> <span class="n">maketeststring</span><span class="p">(</span><span class="n">n</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="n">starttime</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">clock</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="k">match</span> <span class="o">=</span> <span class="n">regex</span><span class="o">.</span><span class="k">match</span><span class="p">(</span><span class="n">teststr</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="n">elapsetime</span> <span class="o">=</span> <span class="nb">int</span><span class="p">((</span><span class="n">time</span><span class="o">.</span><span class="n">clock</span><span class="p">()</span><span class="o">-</span><span class="n">starttime</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="n">count</span> <span class="o">=</span> <span class="mi">0</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="k">match</span> <span class="o">!=</span> <span class="kc">None</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="n">count</span> <span class="o">=</span> <span class="k">match</span><span class="o">.</span><span class="n">end</span><span class="p">()</span> <span class="o">-</span> <span class="k">match</span><span class="o">.</span><span class="n">start</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s2">&#34;For n=</span><span class="si">%d</span><span class="s2">, match time=</span><span class="si">%d</span><span class="s2"> msec</span><span class="si">%s</span><span class="s2">, match count=</span><span class="si">%s</span><span class="s2">&#34;</span> <span class="o">%</span> </span></span><span class="line"><span class="cl"> <span class="p">(</span><span class="n">n</span><span class="p">,</span> <span class="n">elapsetime</span><span class="p">,</span> <span class="s2">&#34;&#34;</span> <span class="k">if</span> <span class="n">elapsetime</span><span class="o">==</span><span class="mi">1</span> <span class="ow">or</span> <span class="n">elapsetime</span><span class="o">==</span><span class="mi">0</span> <span class="k">else</span> <span class="s2">&#34;s&#34;</span><span class="p">,</span> <span class="n">count</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="nb">float</span><span class="p">(</span><span class="n">elapsetime</span><span class="p">)</span><span class="o">/</span><span class="mi">1000</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&#34;__main__&#34;</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="n">main</span><span class="p">()</span> </span></span></code></pre></div><p>输出</p> <pre tabindex="0"><code>Python Regular Expression DoS demo Platform: win32 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] Regular expression: ^(a+)+$ Typical test string: aaaaaaaaaa! Max iterations: 50 Max match time: 2 secs For n=1, match time=0 msec, match count=0 For n=2, match time=0 msec, match count=0 For n=3, match time=0 msec, match count=0 For n=4, match time=0 msec, match count=0 For n=5, match time=0 msec, match count=0 For n=6, match time=0 msec, match count=0 For n=7, match time=0 msec, match count=0 For n=8, match time=0 msec, match count=0 For n=9, match time=0 msec, match count=0 For n=10, match time=0 msec, match count=0 For n=11, match time=0 msec, match count=0 For n=12, match time=0 msec, match count=0 For n=13, match time=1 msec, match count=0 For n=14, match time=2 msecs, match count=0 For n=15, match time=4 msecs, match count=0 For n=16, match time=8 msecs, match count=0 For n=17, match time=16 msecs, match count=0 For n=18, match time=33 msecs, match count=0 For n=19, match time=65 msecs, match count=0 For n=20, match time=131 msecs, match count=0 For n=21, match time=263 msecs, match count=0 For n=22, match time=529 msecs, match count=0 For n=23, match time=1063 msecs, match count=0 For n=24, match time=2120 msecs, match count=0 </code></pre><p>===================================================</p> <p>2012-10-14 15:53:55 update 注意到 46 行使用了 xrange，查找资料看到这里，<a class="link" href="http://ciniao.me/article.php?id=17" title="http://ciniao.me/article.php?id=17" target="_blank" rel="noopener" >http://ciniao.me/article.php?id=17</a></p> <blockquote> <p>range 函数说明：range([start,] stop[, step])，根据start与stop指定的范围以及step设定的步长，生成一个序列。 range示例: &raquo;&gt; range(5) [0, 1, 2, 3, 4] &raquo;&gt; range(1,5) [1, 2, 3, 4] &raquo;&gt; range(0,6,2) [0, 2, 4]</p> <p>xrange 函数说明：用法与range完全相同，所不同的是生成的不是一个数组，而是一个生成器。 xrange示例: &raquo;&gt; xrange(5) xrange(5) &raquo;&gt; list(xrange(5)) [0, 1, 2, 3, 4] &raquo;&gt; xrange(1,5) xrange(1, 5) &raquo;&gt; list(xrange(1,5)) [1, 2, 3, 4] &raquo;&gt; xrange(0,6,2) xrange(0, 6, 2) &raquo;&gt; list(xrange(0,6,2)) [0, 2, 4]</p> <p>由上面的示例可以知道：要生成很大的数字序列的时候，用xrange会比range性能优很多，因为不需要一上来就开辟一块很大的内存空间，这两个基本上都是在循环的时候用：</p> </blockquote>