Extends the Regexp class with the methods: Regexp#examples and Regexp#random_example
Regexp#examples generates a list of all* strings that will match the given regular expression.
Regexp#random_example returns one, random string (from all possible strings!!) that matches the regex.
* If the regex has an infinite number of possible strings that match it, such as /a*b+c{2,}/, or a huge number of possible matches, such as /.\w/, then only a subset of these will be listed.
For more detail on this, see configuration options.
If you'd like to understand how/why this gem works, please check out my blog post about it.
/a*/.examples #=> ['', 'a', 'aa']
/ab+/.examples #=> ['ab', 'abb', 'abbb']
/this|is|awesome/.examples #=> ['this', 'is', 'awesome']
/https?:\/\/(www\.)?github\.com/.examples #=> ['http://github.com',
# 'http://www.github.com', 'https://github.com', 'https://www.github.com']
/(I(N(C(E(P(T(I(O(N)))))))))*/.examples #=> ["", "INCEPTION", "INCEPTIONINCEPTION"]
/\x74\x68\x69\x73/.examples #=> ["this"]
/what about (backreferences\?) \1/.examples
#=> ['what about backreferences? backreferences?']
/
\u{28}\u2022\u{5f}\u2022\u{29}
|
\u{28}\u{20}\u2022\u{5f}\u2022\u{29}\u{3e}\u2310\u25a0\u{2d}\u25a0\u{20}
|
\u{28}\u2310\u25a0\u{5f}\u25a0\u{29}
/x.examples #=> ["(•_•)", "( •_•)>⌐■-■ ", "(⌐■_■)"]
Obviously, you will get different (random) results if you try these yourself!
/\w{10}@(hotmail|gmail)\.com/.random_example #=> "TTsJsiwzKS@gmail.com"
/5[1-5][0-9]{14}/.random_example #=> "5224028604559821" (A valid MasterCard number)
/\p{Greek}{80}/.random_example
#=> "ΖΆΧͷᵦμͷηϒϰΟᵝΔ΄θϔζΌψΨεκᴪΓΕπι϶ονϵΓϹᵦΟπᵡήϴϜΦϚϴϑ͵ϴΉϺ͵ϹϰϡᵠϝΤΏΨϹϊϻαώΞΰϰΑͼΈΘͽϙͽξΆΆΡΡΉΓς"
/written by tom lord/i.random_example #=> "WrITtEN bY tOM LORD"
MRI 2.4.0 (oldest non-EOL version) --> 3.0.0 (latest stable version)
MRI 2.0.0 --> 2.3.x were supported until version 1.5.0 of this library. Support was dropped primarily because of the need to use RbConfig::CONFIG['UNICODE_VERSION'], which was added to ruby version 2.4.0.
MRI versions ≤ 1.9.3 were never supported by this library. This is primarily because MRI 2.0.0 introduced a new regexp engine (Oniguruma was replaced by Onigmo -- For example, named properties like /\p{Alpha}/ are illegal syntax on MRI 1.9.3.). Whilst most of this gem could be made to work with MRI 1.9.x (or even 1.8.x), I considered the changes too significant to implement backwards compatibility (especially since long-term support for MRI 1.9.3 has long ended).
Other implementations, such as JRuby, could probably work fine - but I haven't fully tried/tested it. Pull requests are welcome.
Add this line to your application's Gemfile:
gem 'regexp-examples'
And then execute:
$ bundle
Or install it yourself as:
$ gem install regexp-examples
Short answer: Everything is supported, apart from "irregular" aspects of the regexp language -- see impossible features.
Long answer:
All forms of repeaters (quantifiers), e.g. /a*/, /a+/, /a?/, /a{1,4}/, /a{3,}/, /a{,2}/
/a*?/, /a*+/
Boolean "Or" groups, e.g. /a|b|c/
Character sets, e.g. /[abc]/ - including:
/[A-Z0-9]/
/[^a-z]/
/[\w\s\b]/
/[[:alnum:]]/, /[[:^space:]]/
/[[:punct:]]/ changed in version 2.4.0.
/[[a-h]&&[f-z]]/
Escaped characters, e.g. /\n/, /\w/, /\D/ (and so on...)
Capture groups, e.g. /(group)/
/(?<name>group)/
/(this|that) \1/
/(?<name>foo) \k<name>/
/(?<future>the) \k'future'/, /(a)(b) \k<-1>/
/(even(this(works?))) \1 \2 \3/, /what about (this)? \1/
/(?:foo)/
/foo(?#comment)bar/
/(?~exp)/ This feature is available in ruby version >= 2.4.1. However, support in this gem is limited.
Control characters, e.g. /\ca/, /\cZ/, /\C-9/
Escape sequences, e.g. /\x42/, /\x5word/, /#{"\x80".force_encoding("ASCII-8BIT")}/
Unicode characters, e.g. /\u0123/, /\uabcd/, /\u{789}/
Octal characters, e.g. /\10/, /\177/
Named properties, e.g. /\p{L}/ ("Letter"), /\p{Arabic}/ ("Arabic character"), /\p{^Ll}/ ("Not a lowercase letter"), /\P{^Canadian_Aboriginal}/ ("Not not a Canadian aboriginal character")
/\p{Arabic}/.examples(max_group_results: 999) will give you a different answer in ruby v2.1.x and v2.2.x
Arbitrarily complex combinations of all the above!
Regexp options can also be used:
/cool/i.examples #=> ["cool", "cooL", "coOl", "coOL", ...]
/./m.examples #=> ["\n", "a", "b", "c", "d"]
/line1 #comment \n line2/x.examples #=> ["line1line2"]
/before(?imx-imx)after/, /before(?imx-imx:subexpr)after/
When generating examples, the gem uses 3 configurable values to limit how many examples are listed:
max_repeater_variance (default = 2) restricts how many examples to return for each repeater. For example:
.* is equivalent to .{0,2}
.+ is equivalent to .{1,3}
.{2,} is equivalent to .{2,4}
.{,3} is equivalent to .{0,2}
.{3,8} is equivalent to .{3,5}
max_group_results (default = 5) restricts how many characters to return for each "set". For example:
\d is equivalent to [01234]
\w is equivalent to [abcde]
[h-s] is equivalent to [hijkl]
(1|2|3|4|5|6|7|8) is equivalent to [12345]
max_results_limit (default = 10000) restricts the maximum number of results that can possibly be generated. For example:
/c+r+a+z+y+ * B+I+G+ * r+e+g+e+x+/i.examples.length <= 10000 -- Attempting this will NOT freeze your system, even though (by the above rules) this "should" attempt to generate 117546246144 examples.
Regexp#examples makes use of all these options; Regexp#random_example only uses max_repeater_variance, since the other options are redundant.
To use an alternative value, you can either pass the configuration option as a parameter:
/a*/.examples(max_repeater_variance: 5)
#=> ['', 'a', 'aa', 'aaa', 'aaaa', 'aaaaa']
/[F-X]/.examples(max_group_results: 10)
#=> ['F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O']
/[ab]{10}/.examples(max_results_limit: 64).length == 64 # NOT 1024
/[slow]{9}/.examples(max_results_limit: 9999999).length == 4 ** 9 == 262144 # Warning - this will take a while!
/.*/.random_example(max_repeater_variance: 50)
#=> "A very unlikely result!"
Or, set an alternative value within a block:
RegexpExamples::Config.with_configuration(max_repeater_variance: 5) do
# ...
end
Or, globally set a different default value:
# e.g In a rails project, you may wish to place this in
# config/initializers/regexp_examples.rb
RegexpExamples::Config.max_repeater_variance = 5
RegexpExamples::Config.max_group_results = 10
RegexpExamples::Config.max_results_limit = 20000
A sensible use case might be, for example, to generate all 1-5 digit strings:
/\d{1,5}/.examples(max_repeater_variance: 4, max_group_results: 10, max_results_limit: 100000)
#=> ['0', '1', '2', ..., '99998', '99999']
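The three limits described above can be modelled in plain Ruby to predict how many strings Regexp#examples will list for a simple pattern before running it. This is an added illustration, not code from the gem; the atom format ([set_size, min, max]) and all function names are assumptions made for the example.

```ruby
# Added illustration: a model of the documented limits, not the gem's own code.
# A pattern is described as a list of atoms [set_size, min, max];
# max = nil means an unbounded repeater (a*, a+, a{3,}). (Assumed format.)

DEFAULTS = { max_repeater_variance: 2, max_group_results: 5,
             max_results_limit: 10_000 }.freeze

# Repeater rule: keep min, cap the upper bound at min + max_repeater_variance.
def effective_range(min, max, variance)
  upper = min + variance
  upper = max if max && max < upper
  (min..upper)
end

# Strings one atom expands to once both per-atom limits are applied.
def atom_count(set_size, min, max, opts)
  chars = [set_size, opts[:max_group_results]].min
  effective_range(min, max, opts[:max_repeater_variance]).sum { |len| chars**len }
end

# Size of the bounded example space, before max_results_limit is applied.
def uncapped_count(atoms, **overrides)
  opts = DEFAULTS.merge(overrides)
  atoms.reduce(1) { |acc, (size, min, max)| acc * atom_count(size, min, max, opts) }
end

# Number of strings actually listed: the bounded space, cut at max_results_limit.
def listed_count(atoms, **overrides)
  limit = DEFAULTS.merge(overrides)[:max_results_limit]
  [uncapped_count(atoms, **overrides), limit].min
end

if __FILE__ == $PROGRAM_NAME
  p effective_range(3, 8, 2)                                # .{3,8}
  p listed_count([[1, 0, nil]])                             # /a*/
  p uncapped_count([[2, 10, 10]])                           # /[ab]{10}/
  p listed_count([[2, 10, 10]], max_results_limit: 64)
  p listed_count([[4, 9, 9]], max_results_limit: 9_999_999) # /[slow]{9}/
end
```

The model only covers patterns that are a plain sequence of character sets with repeaters; alternation, backreferences and the /i option are outside what it counts.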
Due to code optimisation, Regexp#random_example runs pretty fast even on very complex patterns.
(I.e. It's typically a lot faster than using /pattern/.examples.sample(1).)
For instance, the following takes no more than ~ 1 second on my machine:
/.*\w+\d{100}/.random_example(max_repeater_variance: 1000)
All forms of configuration mentioned above are thread safe.
There are no known major bugs with this library. However, there are a few obscure issues that you may encounter.
All known bugs/missing features are documented in GitHub. Please discuss known issues there, or raise a new issue if required. Pull requests are welcome!
Some of the most obscure regexp features are not even mentioned in the ruby docs. However, full documentation on all the intricate obscurities in the ruby (version 2.x) regexp parser can be found here.
The following features in the regex language can never be properly implemented into this gem because, put simply, they are not technically "regular"! If you'd like to understand this in more detail, check out what I had to say in my blog post about this gem.
Using any of the following will raise a RegexpExamples::IllegalSyntax exception:
/foo(?=bar)/, /foo(?!bar)/, /(?<=foo)bar/, /(?<!foo)bar/
(\b, \B, \G, ^, \A, $, \z, \Z), e.g. /\bword\b/, /line1\n^line2/
^, \A and \G at the start of a pattern; and to allow $, \z and \Z at the end of pattern. In such cases, the characters are effectively just ignored.
(\g), e.g. /(?<name> ... \g<name>* )/
(Note: Backreferences are not really "regular" either, but I got these to work with a bit of hackery.)
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
We found that regexp-examples demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.