Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not special-case '_' as a pattern #14

Open
klntsky opened this issue Apr 10, 2019 · 0 comments
Open

Do not special-case '_' as a pattern #14

klntsky opened this issue Apr 10, 2019 · 0 comments

Comments

@klntsky
Copy link

klntsky commented Apr 10, 2019

This line was really scary to read:

if (patt === '_') {
    // Behaves like UnderscoreType
    return [true, [value]];
}

What if someone would use this library to match a dynamically-constructed string with another one, which can be altered by an adversary? The adversary may be able to inject '_', and then it will be interpreted as a wildcard pattern instead of a literal value, thus resulting in a wrong clause being executed.

For people who have had experience with functional programming, the natural expectation from any pattern matching system is to abide the property:

if b is a concrete value and a is not equal to b, then match(a, b, f) will not lead to f clause execution.

Though of course it is questionable where to draw a line between concrete values and patterns, I insist that special-casing like this is not intuitive and may lead to very bad things.

Moreover, the special-case is not documented at all, which is obviously an issue on its own.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@klntsky