Merge pull request #16 from simplesamlphp/bugfix/regexp-not-ending-with-newline

tvdijen · web-flow · commit 430c152ecb20 · 2024-11-19T19:51:37.000+01:00
Make regexps more strict and refuse trailing newlines
diff --git a/src/CustomAssertionTrait.php b/src/CustomAssertionTrait.php
@@ -23,29 +23,26 @@
 trait CustomAssertionTrait
 {
     /** @var string */
-    private static string $nmtoken_regex = '/^[\w.:-]+$/u';
+    private static string $nmtoken_regex = '/^[\w.:-]+$/Du';
 
     /** @var string */
-    private static string $nmtokens_regex = '/^([\w.:-]+)([\s][\w.:-]+)*$/u';
+    private static string $nmtokens_regex = '/^([\w.:-]+)([\s][\w.:-]+)*$/Du';
 
     /** @var string */
-    private static string $datetime_regex = '/-?[0-9]{4}-(((0(1|3|5|7|8)|1(0|2))-(0[1-9]|(1|2)[0-9]|3[0-1]))|((0(4|6|9)|11)-(0[1-9]|(1|2)[0-9]|30))|(02-(0[1-9]|(1|2)[0-9])))T([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9])(\.[0-999])?((\+|-)([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9])|Z)?/i';
+    private static string $datetime_regex = '/-?[0-9]{4}-(((0(1|3|5|7|8)|1(0|2))-(0[1-9]|(1|2)[0-9]|3[0-1]))|((0(4|6|9)|11)-(0[1-9]|(1|2)[0-9]|30))|(02-(0[1-9]|(1|2)[0-9])))T([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9])(\.[0-999])?((\+|-)([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9])|Z)?/Di';
 
     /** @var string */
-    private static string $duration_regex = '/^([-+]?)P(?!$)(?:(?<years>\d+(?:[\.\,]\d+)?)Y)?(?:(?<months>\d+(?:[\.\,]\d+)?)M)?(?:(?<weeks>\d+(?:[\.\,]\d+)?)W)?(?:(?<days>\d+(?:[\.\,]\d+)?)D)?(T(?=\d)(?:(?<hours>\d+(?:[\.\,]\d+)?)H)?(?:(?<minutes>\d+(?:[\.\,]\d+)?)M)?(?:(?<seconds>\d+(?:[\.\,]\d+)?)S)?)?$/';
+    private static string $duration_regex = '/^([-+]?)P(?!$)(?:(?<years>\d+(?:[\.\,]\d+)?)Y)?(?:(?<months>\d+(?:[\.\,]\d+)?)M)?(?:(?<weeks>\d+(?:[\.\,]\d+)?)W)?(?:(?<days>\d+(?:[\.\,]\d+)?)D)?(T(?=\d)(?:(?<hours>\d+(?:[\.\,]\d+)?)H)?(?:(?<minutes>\d+(?:[\.\,]\d+)?)M)?(?:(?<seconds>\d+(?:[\.\,]\d+)?)S)?)?$/D';
 
     /** @var string */
-    private static string $qname_regex = '/^[a-zA-Z_][\w.-]*:[a-zA-Z_][\w.-]*$/';
+    private static string $qname_regex = '/^[a-zA-Z_][\w.-]*:[a-zA-Z_][\w.-]*$/D';
 
     /** @var string */
-    private static string $ncname_regex = '/^[a-zA-Z_][\w.-]*$/';
+    private static string $ncname_regex = '/^[a-zA-Z_][\w.-]*$/D';
 
     /** @var string */
     private static string $base64_regex = '/^(?:[a-z0-9+\/]{4})*(?:[a-z0-9+\/]{2}==|[a-z0-9+\/]{3}=)?$/i';
 
-    /** @var string */
-    private static string $hostname_regex = '/^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/';
-
     /***********************************************************************************
      *  NOTE:  Custom assertions may be added below this line.                         *
      *         They SHOULD be marked as `private` to ensure the call is forced         *
diff --git a/tests/Assert/DurationTest.php b/tests/Assert/DurationTest.php
@@ -59,6 +59,8 @@ public static function provideDuration(): array
             [false, 'P2M1Y'],
             [false, 'P'],
             [false, 'PT15.S'],
+            // Trailing newlines are forbidden
+            [false, "P20M\n"],
         ];
     }
 }
diff --git a/tests/Assert/NCNameTest.php b/tests/Assert/NCNameTest.php
@@ -46,6 +46,8 @@ public static function provideNCName(): array
             [false, 'Te*st'],
             [false, '1Test'],
             [false, 'Te:st'],
+            // Trailing newlines are forbidden
+            [false, "Test\n"],
         ];
     }
 }
diff --git a/tests/Assert/NMTokenTest.php b/tests/Assert/NMTokenTest.php
@@ -49,6 +49,8 @@ public static function provideNMToken(): array
             [false, 'foo bar'],
             // Commas are forbidden
             [false, 'foo,bar'],
+            // Trailing newlines are forbidden
+            [false, "foobar\n"],
         ];
     }
 }
diff --git a/tests/Assert/NMTokensTest.php b/tests/Assert/NMTokensTest.php
@@ -50,6 +50,8 @@ public static function provideNMTokens(): array
             [false, 'foo "bar" baz'],
             // Commas are forbidden
             [false, 'foo,bar'],
+            // Trailing newlines are forbidden
+            [false, "foobar\n"],
         ];
     }
 }
diff --git a/tests/Assert/QNameTest.php b/tests/Assert/QNameTest.php
@@ -46,6 +46,8 @@ public static function provideQName(): array
             [true, 'Test'],
             [false, '1Test'],
             [false, 'Te*st'],
+            // Trailing newlines are forbidden
+            [false, "some:Test\n"],
         ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,8 @@ public static function provideDuration(): array`
`59`	`59`	`[false, 'P2M1Y'],`
`60`	`60`	`[false, 'P'],`
`61`	`61`	`[false, 'PT15.S'],`
	`62`	`+ // Trailing newlines are forbidden`
	`63`	`+ [false, "P20M\n"],`
`62`	`64`	`];`
`63`	`65`	`}`
`64`	`66`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,8 @@ public static function provideNCName(): array`
`46`	`46`	`[false, 'Te*st'],`
`47`	`47`	`[false, '1Test'],`
`48`	`48`	`[false, 'Te:st'],`
	`49`	`+ // Trailing newlines are forbidden`
	`50`	`+ [false, "Test\n"],`
`49`	`51`	`];`
`50`	`52`	`}`
`51`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ public static function provideNMToken(): array`
`49`	`49`	`[false, 'foo bar'],`
`50`	`50`	`// Commas are forbidden`
`51`	`51`	`[false, 'foo,bar'],`
	`52`	`+ // Trailing newlines are forbidden`
	`53`	`+ [false, "foobar\n"],`
`52`	`54`	`];`
`53`	`55`	`}`
`54`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,8 @@ public static function provideNMTokens(): array`
`50`	`50`	`[false, 'foo "bar" baz'],`
`51`	`51`	`// Commas are forbidden`
`52`	`52`	`[false, 'foo,bar'],`
	`53`	`+ // Trailing newlines are forbidden`
	`54`	`+ [false, "foobar\n"],`
`53`	`55`	`];`
`54`	`56`	`}`
`55`	`57`	`}`