I'm getting a list of inputs from the user of supposely valid perl regexp values. Examples could be:
\b[Bb]anana\b
\s*Apples[BANANA]\s+
Is there a safe way to validate these strings?
First, consider how much you want to let users do with a pattern. A Perl regex can run arbitrary code.
But, to validate that you can use a string as a pattern without it causing a fatal error, you can use the qr//
operator to compile the string and return the regex. If there's a problem, the qr
gives you a fatal error that you can catch with eval
:
my $pattern = eval { qr/$input/ };
If you get back undef
, the pattern was not valid. And, despite the comments in the question, there are infinite ways to make invalid patterns. I know because I type them in by hand all the time and I haven't run out of ways to mess up :)
This does not apply the pattern to a string, but you can use $pattern
to make the match:
if( $pattern ) {
$target =~ $pattern; # or $target =~ m/$pattern/
}