I am reading/implementing a RESTful API design, where the author has stated that regex can be used in the query param as part of filtering.
For example:
https://example.com/users?name=/bil?li/
From various articles on ReDoS, I can't help but think that this is not a very good idea, because I don't believe there is a sane way to do validation and whitelisting on the incoming regex. And the datastore/database could suffer heavy penalties.
So if this requirement is part of an API spec, that I have no control over, how would I safely implement this feature?
I would be using Express.js.
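One way to bound the risk raised in the question, as an added example that is not part of the original post: rather than compiling arbitrary regex, the handler accepts only a small allowlisted subset and caps pattern length, the number of `?` quantifiers and the length of each value matched. The function names, the limits and the supported subset are assumptions; a pattern forwarded to a database runs in that engine instead, which this example does not cover.

```javascript
// Added example. The limits and the supported subset are assumptions, not part of any spec.
const MAX_PATTERN_LEN = 32; // assumed cap on pattern length
const MAX_OPTIONALS = 4;    // each `?` can double backtracking paths, so cap them
const MAX_VALUE_LEN = 256;  // assumed cap on the length of each value being matched

// Turn a raw query value such as "/bil?li/" into a RegExp, accepting only
// letters, digits, space, ".", an optional ^ / $ anchor and `?` on a single atom.
function parseFilterRegex(raw) {
  // Express yields an array or object for repeated or bracketed params.
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  if (raw.length > MAX_PATTERN_LEN + 2) return { ok: false, reason: 'too long' };
  const m = /^\/(.+)\/$/.exec(raw);
  if (!m) return { ok: false, reason: 'expected /pattern/' };
  const src = m[1];
  // Allowlist: groups, |, *, +, {n,m}, classes and backslashes never get through.
  if (!/^\^?[A-Za-z0-9 .?]+\$?$/.test(src)) {
    return { ok: false, reason: 'unsupported syntax' };
  }
  // `?` must follow an atom: not at the start, after ^, or after another `?`.
  if (/(?:^\^?|\?)\?/.test(src)) return { ok: false, reason: 'dangling ?' };
  if ((src.match(/\?/g) || []).length > MAX_OPTIONALS) {
    return { ok: false, reason: 'too many optionals' };
  }
  try {
    return { ok: true, regex: new RegExp(src) };
  } catch (err) {
    return { ok: false, reason: 'invalid regex' };
  }
}

// Apply the filter to in-memory rows; returns null when the pattern is rejected
// so the route handler can answer 400 instead of running it.
function filterByName(rows, raw) {
  const parsed = parseFilterRegex(raw);
  if (!parsed.ok) return null;
  return rows.filter((r) => typeof r.name === 'string'
    && r.name.length <= MAX_VALUE_LEN && parsed.regex.test(r.name));
}

// Constructed sample data.
const sampleUsers = [{ name: 'bili' }, { name: 'billi' }, { name: 'bob' }];
console.log(filterByName(sampleUsers, '/bil?li/').length); // 2
console.log(parseFilterRegex('/(a+)+$/').reason);          // unsupported syntax
```

In an Express route this would be called with `req.query.name`, returning a 400 response when the result is `null`.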