Update README.md

Add information about untrusted input.
ISibboI 2022-01-18 13:41:21 +01:00 committed by GitHub
parent b5c85b367f
commit 53f2b6979b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -539,6 +539,14 @@ Please report a panic in this crate immediately as issue on [github](https://git
Even if the crate itself is panic free, it allows the user to define custom functions that are executed by the crate. Even if the crate itself is panic free, it allows the user to define custom functions that are executed by the crate.
The user needs to ensure that the functions they provide to the crate never panic. The user needs to ensure that the functions they provide to the crate never panic.
## Untrusted input
This crate was not built with untrusted input in mind, but due to its simplicity and freedom of panics it is likely secure, keeping the following in mind:
* Limit the length of the untrusted input.
* If a mutable context is maintained between evaluations of untrusted input, the untrusted input might fill it gradually until the application runs out of memory.
* If no context is provided, a temporary mutable context is implicitly provided. This is freed after evaluation of every single string, so gradual filling cannot happen.
* If no context or a mutable context is provided, and the `regex_support` feature is activated, the `regex_replace` builtin function can be used to build an exponentially sized string.
## Contribution ## Contribution
If you have any ideas for features or see any problems in the code, architecture, interface, algorithmics or documentation, please open an issue on [github](https://github.com/ISibboI/evalexpr/issues). If you have any ideas for features or see any problems in the code, architecture, interface, algorithmics or documentation, please open an issue on [github](https://github.com/ISibboI/evalexpr/issues).
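Review bot: The last bullet of the new "Untrusted input" section names a risk (`regex_replace` building an exponentially sized string when `regex_support` is activated) but gives no mitigation, and the first bullet does not say whether limiting the input length is meant to cover it. Suggest stating the action for the reader, for example recommending that `regex_support` stay off when untrusted input is evaluated, or saying explicitly how the length limit bounds the resulting string. The intro sentence also relies on "freedom of panics" while the paragraph directly above notes that user-provided functions can panic, so it should say the claim covers only the crate's own code. "Likely secure" would be clearer if it named what is in scope (memory exhaustion is the only threat the bullets discuss).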
@ -548,4 +556,4 @@ If there is already an issue describing what you want to say, please add a thumb
* This crate uses the [`sync-readme`](https://github.com/phaazon/cargo-sync-readme) cargo subcommand to keep the documentation in `src/lib.rs` and `README.md` in sync. * This crate uses the [`sync-readme`](https://github.com/phaazon/cargo-sync-readme) cargo subcommand to keep the documentation in `src/lib.rs` and `README.md` in sync.
The subcommand only syncs from the documentation in `src/lib.rs` to `README.md`. The subcommand only syncs from the documentation in `src/lib.rs` to `README.md`.
So please alter the documentation in the `src/lib.rs` rather than altering anything in between `<!-- cargo-sync-readme start -->` and `<!-- cargo-sync-readme end -->` in the `README.md`. So please alter the documentation in the `src/lib.rs` rather than altering anything in between `<!-- cargo-sync-readme start -->` and `<!-- cargo-sync-readme end -->` in the `README.md`.
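Review bot: The context in this hunk says documentation between `<!-- cargo-sync-readme start -->` and `<!-- cargo-sync-readme end -->` must be changed in `src/lib.rs` because the subcommand only syncs from `src/lib.rs` to `README.md`, yet the commit is titled "Update README.md" and the only file shown is `README.md`. If the new "Untrusted input" section sits between those markers, the next sync would drop it; the same text should be added to the documentation in `src/lib.rs` so the security guidance survives.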