[rabbitmq-discuss] Missing ^ on access control doc page regex example?

James Gardner james.gardner at noaa.gov
Mon Mar 18 22:02:53 GMT 2013


Thanks, but...I just tested this and if you set, say, the config 
permission using the regex in the example:

^amq\.gen.*|amq\.default$

it will allow me to create a queue, for example, with the name:

testamq.default

so it is clearly not equivalent to
'^(amq\.gen.*|amq\.default)$'

which does /not/ allow me to create the above queue.

Again, although granting someone permission as in that particular doc 
example is unlikely to accidentally grant permission since the entity 
would have to be named <something>amq.default, it is still a misleading 
example to give to people who might use that pattern to form other more 
dangerously permissive regex's, under the false assumption that later 
alternations are anchored at the beginning.



On 03/18/2013 12:04 PM, Emile Joubert wrote:
> Hi James,
>
> On 18/03/13 16:22, James Gardner wrote:
>> In the RabbitMQ.com documentation, under Access Control, paragraph six,
>> it gives this as an example of a regex:
>> '^amq\.gen.*|amq\.default$'
> The regular expression syntax and semantics available in RabbitMQ
> resemble those of Perl and is based on PCRE. In that flavour of RE the
> example is correct - the alternate options are all subject to the
> anchors while matching.
>
>> Shouldn't it be
>> '^(amq\.gen.*|amq\.default)$'
> The expression is already equivalent to this one.
>
>
>
> -Emile
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130318/341c0a41/attachment.htm>


More information about the rabbitmq-discuss mailing list