Bug 1254288 - Warning about unescaped left brace
Summary: Warning about unescaped left brace
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: websec
Version: 23
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Thorsten Leemhuis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-08-17 15:48 UTC by Göran Uddeborg
Modified: 2015-12-28 22:59 UTC (History)

Fixed In Version: websec-1.9.0-19.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-28 22:59:48 UTC
Type: Bug
Embargoed:



Description Göran Uddeborg 2015-08-17 15:48:04 UTC
Description of problem:
After switching to F23 and perl 5.22, I get warnings about unescaped left brace in regex on lines 232 and 237 of /usr/bin/websec.


Version-Release number of selected component (if applicable):
perl-5.22.0-349.fc23.x86_64
websec-1.9.0-18.fc23.noarch


How reproducible:
Every time


Steps to Reproduce:
1. websec


Actual results:
(On standard error:)
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE ([^}]+)}/ at /usr/bin/websec line 232.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE ([^}]+)}/ at /usr/bin/websec line 237.


Expected results:
Nothing on standard error, a log on standard out.  (The log still appears as expected.)


Additional info:
I'm not familiar with perl, but I googled the message, and it seems adding a backslash in front of each curly brace might solve the problem.  I tried it, and websec doesn't complain any more.  And websec still works, at least in a few simple cases.  But perl is a special language, and maybe I broke something on the way.

Comment 1 Tibbs Brookside 2015-11-16 12:20:42 UTC
I'm seeing the same thing. According to the Perl 5.22 documentation:

"A literal "{" should now be escaped in a pattern

If you want a literal left curly bracket (also called a left brace) in a regular expression pattern, you should now escape it by either preceding it with a backslash ("\{") or enclosing it within square brackets "[{]", or by using \Q; otherwise a deprecation warning will be raised. This was first announced as forthcoming in the v5.16 release; it will allow future extensions to the language to happen."

I don't know Perl either but I've escaped the curly brackets on lines 232 and 237 in /usr/bin/websec plus all the curly brackets in /usr/share/doc/websec/examples/ignore.list. These were all the places where I could find curly brackets being used as a literal.
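
Added example, not part of the original thread and not websec's own code: a Perl check that the three escaped spellings named in the quoted Perl 5.22 documentation, applied to the pattern from the warning, capture the same text. The sample inputs are constructed, and `quotemeta()` stands in for `\Q`.

```perl
#!/usr/bin/perl
# Added example: compares the escaped spellings of the reported pattern
# \${([^}]+)} against each other. All sample inputs are constructed.
use strict;
use warnings;

# quotemeta() is the function form of \Q; it turns '${' into '\$\{'.
my $open = quotemeta('${');

my @patterns = (
    [ 'backslash'  => qr/\$\{([^}]+)\}/   ],   # "\{" form
    [ 'char class' => qr/\$[{]([^}]+)[}]/ ],   # "[{]" form
    [ 'quotemeta'  => qr/$open([^}]+)\}/  ],   # \Q-style form
);

# Constructed input => expected first capture (undef means "no match").
my @cases = (
    [ 'url=${BASE}/index.html' => 'BASE' ],
    [ '${a}${b}'               => 'a'    ],
    [ 'plain $BASE text'       => undef  ],
    [ 'empty ${} name'         => undef  ],
    [ 'quantifier x{3}'        => undef  ],
);

my $failures = 0;
for my $case (@cases) {
    my ($input, $want) = @$case;
    for my $p (@patterns) {
        my ($name, $re) = @$p;
        # In list context a failed match returns an empty list, so $got is undef.
        my ($got) = $input =~ $re;
        my $ok = defined $want
            ? (defined $got && $got eq $want)
            : !defined $got;
        $failures++ unless $ok;
        printf "%-10s %-24s %s\n", $name, $input, $ok ? 'ok' : 'MISMATCH';
    }
}

# Non-zero exit if any spelling disagrees with the expected capture.
exit($failures ? 1 : 0);
```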

Comment 2 Fedora Update System 2015-11-22 14:16:37 UTC
websec-1.9.0-19.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3880374dd1

Comment 3 Fedora Update System 2015-11-24 02:24:15 UTC
websec-1.9.0-19.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update websec'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-3880374dd1

Comment 4 Fedora Update System 2015-12-28 22:59:45 UTC
websec-1.9.0-19.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

