On 23/08/2022 17:18, Nick via Exim-users wrote:
> On 22/8/2022 Jeremy replied:
>
>> Which means I can't use a simple list lookup, nor a wildcard lookup, as these don't support capture
>>
>> In the current release of Exim, they do and you could.
>> Note: It is not possible to capture substrings in a regular expression match for later use, because the results of all lookups are cached. If a lookup is repeated, the result is taken from the cache, and no actual pattern matching takes place. The values of all the numeric variables are unset after a (n)wildlsearch match.
> (Ch. 9 "File and database lookups", section 3, under "wildlsearch or nwildlsearch" - the only mention of the word "capture" in this chapter.)
>
> It's possible I missed something?
I was talking about lookups in lists, so Ch. 10.
It's a bit buried, but:
Sec 9 (Domain lists)
"If a pattern starts with a circumflex...
$1 (onwards) to any submatches identified by parentheses".
Sec 22 (Local part lists)
"These behave in the same way as domain and host lists".
[
For (n)wildlsearch lookups, you can add a no_rd option so
that they do not cache. I've no idea if substrings from
(n)wildlsearcha regex lookup are captured though.
]
However, your basic point that you can't use wildcard matches
as a way of avoiding the security provided by taint-tracking,
is correct.
Yes, more abstruse ways exist. Welcome to log4j hell.
--
Cheers,
Jeremy
