Expand description
TrustForge glob matching: the pattern language used by capability
target sets, negative-capability targets, and policy target_patterns.
Semantics (canonical since B8):
*matches any run (possibly empty) of characters except/**matches any run (possibly empty) of characters, including/- every other character,
?included, matches itself literally
Previously each call site converted the glob to a regex and matched
with the regex crate; the three private copies had drifted (two
still byte-iterated, corrupting non-ASCII patterns, and passed ?
through as a regex quantifier). This module is the single
implementation. It matches directly — no regex, no compilation step —
in O(pattern × value) worst case with plain DP, so untrusted patterns
cannot trigger pathological backtracking.
Functions§
- glob_
match - Match
valueagainst a TrustForge globpattern.