英文:
How to check that my Regex is safe: Unsafe Regular Expressioneslintsecurity/detect-unsafe-regex
问题
export const isFloat = (value: string) => {
const pattern = /^[+-]?([0-9]+([,][0-9]*)?|[,][0-9]+)$/;
return pattern.test(value);
};
module.exports = {
root: true,
parserOptions: {
ecmaVersion: 2020,
sourceType: "module",
ecmaFeatures: {
jsx: true,
},
},
env: {
browser: true,
node: true,
es6: true,
},
settings: {
react: {
version: "detect",
},
"import/resolver": {
node: {
extensions: [".ts", ".tsx"],
},
},
},
plugins: ["@typescript-eslint"],
extends: [
"next/core-web-vitals",
"plugin:@typescript-eslint/recommended",
"airbnb",
"prettier",
"plugin:jsx-a11y/recommended",
"plugin:prettier/recommended",
"plugin:sonarjs/recommended",
"plugin:security/recommended", // this one
],
rules: {
"@typescript-eslint/no-unused-vars": "error",
"@typescript-eslint/no-explicit-any": "error",
"@typescript-eslint/explicit-function-return-type": "off",
"react/react-in-jsx-scope": "off",
"react/jsx-filename-extension": [
1,
{
extensions: [".ts", ".tsx"],
},
],
"react/jsx-props-no-spreading": "off",
"import/extensions": [
"error",
"ignorePackages",
{
js: "never",
jsx: "never",
ts: "never",
tsx: "never",
},
],
"jsx-a11y/anchor-is-valid": [
"error",
{
components: ["Link"],
specialLink: ["hrefLeft", "hrefRight"],
aspects: ["invalidHref", "preferButton"],
},
],
"no-nested-ternary": "off",
"import/prefer-default-export": "off",
},
};
英文:
I have a helper that checks if a value is float or not ( German numbers have commas instead of dots ):
export const isFloat = (value: string) => {
const pattern = /^[+-]?([0-9]+([,][0-9]*)?|[,][0-9]+)$/;
return pattern.test(value);
};
However, Eslint shows me this error:
Is it safe to ignore this rule?
Or should I fix my pattern? How to check that my regex is safe?
EDIT 1 ( The Fourth Bird comment )
EDIT2:
I also, that my colleague's function has the same warning!
This is my eslint configuration:
module.exports = {
root: true,
parserOptions: {
ecmaVersion: 2020,
sourceType: "module",
ecmaFeatures: {
jsx: true,
},
},
env: {
browser: true,
node: true,
es6: true,
},
settings: {
react: {
version: "detect",
},
"import/resolver": {
node: {
extensions: [".ts", ".tsx"],
},
},
},
plugins: ["@typescript-eslint"],
extends: [
"next/core-web-vitals",
"plugin:@typescript-eslint/recommended",
"airbnb",
"prettier",
"plugin:jsx-a11y/recommended",
"plugin:prettier/recommended",
"plugin:sonarjs/recommended",
"plugin:security/recommended", // this one
],
rules: {
"@typescript-eslint/no-unused-vars": "error",
"@typescript-eslint/no-explicit-any": "error",
"@typescript-eslint/explicit-function-return-type": "off",
"react/react-in-jsx-scope": "off",
"react/jsx-filename-extension": [
1,
{
extensions: [".ts", ".tsx"],
},
],
"react/jsx-props-no-spreading": "off",
"import/extensions": [
"error",
"ignorePackages",
{
js: "never",
jsx: "never",
ts: "never",
tsx: "never",
},
],
"jsx-a11y/anchor-is-valid": [
"error",
{
components: ["Link"],
specialLink: ["hrefLeft", "hrefRight"],
aspects: ["invalidHref", "preferButton"],
},
],
"no-nested-ternary": "off",
"import/prefer-default-export": "off",
},
};
答案1
得分: 1
以下是翻译好的部分:
^[+-]?:可选匹配+或-(?![\d,]*,,):负向先行断言,确保不匹配,,(?![\d,]*,$):不匹配字符串末尾的,(?!,\d+,):不匹配,然后是数字和另一个,,*\d[\d,]*:匹配可选的,,然后至少匹配一个数字,然后可选的数字或,$:字符串的结束
英文:
Instead of nesting the quantifier in a repeating group while matching, you can start the pattern with negative assertions to exclude what is not allowed and then match at least a single digit:
^[+-]?(?![\d,]*,,)(?![\d,]*,$)(?!,\d+,),*\d[\d,]*$
^[+-]?Optionally match+or-(?![\d,]*,,)Negative lookahead, assert not,,(?![\d,]*,$)Not,at the end of the string(?!,\d+,)Not,then digits and another,,*\d[\d,]*Match optional,followed by at least a single digit and then optional digits or,$End of string
const safe = require('safe-regex');
const regex = /^[+-]?(?![\d,]*,,)(?![\d,]*,$)(?!,\d+,),*\d[\d,]*$/;
console.log(safe(regex));
// Output true
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论