Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
CRAP | |
100.00% |
1 / 1 |
| PhpSafeRegularExpression | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
4 | |
100.00% |
1 / 1 |
| validate | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
4 | |||
| 1 | <?php |
| 2 | namespace Apie\RegexValueObjects; |
| 3 | |
| 4 | use Apie\Core\Attributes\Description; |
| 5 | use Apie\Core\Attributes\FakeMethod; |
| 6 | use Apie\Core\ValueObjects\Interfaces\StringValueObjectInterface; |
| 7 | use Apie\Core\ValueObjects\IsStringValueObject; |
| 8 | use Apie\RegexValueObjects\Exceptions\ExpressionContainsLookAheads; |
| 9 | use Apie\RegexValueObjects\Exceptions\ExpressionContainsRepeatsInRepeats; |
| 10 | use Apie\RegexValueObjects\Exceptions\InvalidPhpRegularExpression; |
| 11 | |
| 12 | #[FakeMethod("createRandom")] |
| 13 | #[Description('Any regular expression that can be parsed with PHP preg_match method that contains no DDOS-vulnerable patterns.')] |
| 14 | final class PhpSafeRegularExpression implements StringValueObjectInterface |
| 15 | { |
| 16 | use IsStringValueObject; |
| 17 | use SharedRegularExpression; |
| 18 | |
| 19 | public static function validate(string $input): void |
| 20 | { |
| 21 | if (false === @preg_match($input, '')) { |
| 22 | throw new InvalidPhpRegularExpression($input, preg_last_error_msg()); |
| 23 | } |
| 24 | |
| 25 | // Check for lookaheads and lookbehinds |
| 26 | if (preg_match('/(?<!\w)[\(\[]\?[:=!<]|[\(\[]\?[:=!<](?!\w)/', $input)) { |
| 27 | throw new ExpressionContainsLookAheads($input); |
| 28 | } |
| 29 | // Check for nested repetitions |
| 30 | $repetition = '((\{\d*,\d*\})|\*|\+)'; // {\d,\d} or * or + |
| 31 | if (preg_match('/' . $repetition . '\)*' . $repetition . '/', $input)) { |
| 32 | throw new ExpressionContainsRepeatsInRepeats($input); |
| 33 | } |
| 34 | } |
| 35 | } |