Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
正規表現再入門/introduction-to-regex
Search
shin1x1
November 03, 2016
Programming
6
13k
正規表現再入門/introduction-to-regex
2016/11/03 PHPカンファレンス2016
shin1x1
November 03, 2016
Tweet
Share
More Decks by shin1x1
See All by shin1x1
php-fpm がリクエスト処理する仕組みを追う / Tracing-How-php-fpm-Handles-Requests
shin1x1
6
3.5k
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
3
2.1k
PHPコードの実行モデルを理解する / Understanding-the-PHP-Execution-Model
shin1x1
2
2.6k
制約の力 - 状態を限定する -
shin1x1
6
5.3k
Apple Silicon Mac 時代の PHP 開発環境構築 2021 / php-dev-env-on-m1-mac-era
shin1x1
2
4.7k
Docker イメージのマルチアーキテクチャビルド / docker-muti-arch-build
shin1x1
1
500
Domain modeling with PHP / domain-modeling-with-php-en
shin1x1
1
270
ドメインをモデリングしてPHPコードに落とし込む / domain-modeling-with-php8
shin1x1
15
7.3k
PHP 8 で作る JSON パーサ / php8-json-parser
shin1x1
2
3.9k
Other Decks in Programming
See All in Programming
Hypervel - A Coroutine Framework for Laravel Artisans
albertcht
1
130
チームで開発し事業を加速するための"良い"設計の考え方 @ サポーターズCoLab 2025-07-08
agatan
1
420
テストから始めるAgentic Coding 〜Claude Codeと共に行うTDD〜 / Agentic Coding starts with testing
rkaga
12
4.5k
設計やレビューに悩んでいるPHPerに贈る、クリーンなオブジェクト設計の指針たち
panda_program
6
2.1k
RailsGirls IZUMO スポンサーLT
16bitidol
0
190
AI コーディングエージェントの時代へ:JetBrains が描く開発の未来
masaruhr
1
160
システム成長を止めない!本番無停止テーブル移行の全貌
sakawe_ee
1
200
第9回 情シス転職ミートアップ 株式会社IVRy(アイブリー)の紹介
ivry_presentationmaterials
1
320
git worktree × Claude Code × MCP ~生成AI時代の並列開発フロー~
hisuzuya
1
570
Python型ヒント完全ガイド 初心者でも分かる、現代的で実践的な使い方
mickey_kubo
1
120
AIともっと楽するE2Eテスト
myohei
6
2.6k
Azure AI Foundryではじめてのマルチエージェントワークフロー
seosoft
0
170
Featured
See All Featured
Become a Pro
speakerdeck
PRO
29
5.4k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Thoughts on Productivity
jonyablonski
69
4.7k
The Cult of Friendly URLs
andyhume
79
6.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
We Have a Design System, Now What?
morganepeng
53
7.7k
Gamification - CAS2011
davidbonilla
81
5.4k
Adopting Sorbet at Scale
ufuk
77
9.5k
4 Signs Your Business is Dying
shpigford
184
22k
Building Applications with DynamoDB
mza
95
6.5k
Transcript
ɹ!shin1x1 2016//03 PHPΧϯϑΝϨϯε ਖ਼نදݱ࠶ೖ
ৄࡉਖ਼نදݱ ਖ਼نදݱٕज़ೖ
D .BTBTIJ4IJOCBSB!TIJOY "HFOEB w1)1ͷਖ਼نදݱ wϚονϯά wόοΫτϥοΫ w3F%P4
1)1ͷਖ਼نදݱ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻ͕Ϛον͢Δ͔Ͳ͏͔ͷผ wจࣈྻ͔ΒϚονͨ͠Օॴͷऔಘ wจࣈྻͷϚονͨ͠ՕॴΛஔ wϚονͨ͠ՕॴͰจࣈྻΛׂ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ͔Ͳ͏͔ͷผ wϚονͨ͠Օॴͷऔಘ QSFH@NBUDI QSFH@NBUDI@BMM QSFH@HSFQ wϚονͨ͠Օॴͷஔ
QSFH@SFQMBDF QSFH@pMUFS wϚονͨ͠ՕॴͰจࣈྻΛׂ QSFH@TQMJU
Ϛονϯά
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ ࠷࠷ࠨϚονϯά
ਖ਼نදݱؤுΓ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ·ͰऔΓಘΔશͯͷύλʔϯΛࢼߦ Ϛον͢Εऴྃ wऔΓಘΔશͯͷύλʔϯ͕Ϛον͠ͳ͍ Ϛονࣦഊ wϚονࣦഊͷ߹ɺॲཧྔ͕େʹͳΔՄೳੑ
B aE
B aE aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE aE ΛͰϚον όοΫτϥοΫ
B aE ͱϚον͠ͳ͍
B aE จࣈྻΛਐΊͯ aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE จࣈྻΛਐΊΔͱ aE ͕Ϛον͢Δͷ͕ແ͍ Ϛονࣦഊ
࠷ॳʹϚονͨ͠ͷ͕༏ઌ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻͰ࠷ࠨʹ͋ΔϚον͕༏ઌ ʢ࠷ॳʹϚονͨ͠Օॴʣ wਖ਼نදݱʢબʣͷฒͼͰͳ͍
1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO ?1FO Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ ʢ্ͷύλʔϯͰऴྃʣ 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ
ඪ४ͷྔࢦఆࢠཉுΓ D .BTBTIJ4IJOCBSB!TIJOY wඪ४ͷྔࢦఆࢠɺ࠷ʹϚον wσϑΥϧτͰ࠷େྔࢦఆࢠͱͯ͠ಈ͘
ྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wલͷύλʔϯͷ܁Γฦ͠Λࣔ͢ w ɺ ɺ ɺ\O N^ wB
ͳΒʮBʯʮBBCʯʮDBBBBCʯͳͲʹϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ඪ४ͷྔࢦఆࢠ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O ճҎ্ճҎԼ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO ճҎ্ճҎԼ
ྔࢦఆࢠͷϚονϯάύλʔϯ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠʢσϑΥϧτʣ w࠷খྔࢦఆࢠ wઈର࠷େྔࢦఆࢠ
࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠσϑΥϧτͷಈ͖ w \O N^ w࠷ʹϚονɺཉுΓͳϚον
࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
w࠷খͷϚονɺ߇͑ΊͳϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
GPPBOECBS GPPΛϚον͍ͨ͠
࠷େྔࢦఆࢠ GPPBOECBS
<?> Ҏ֎ͷ܁Γฦ͠ GPPBOECBS
࠷খྔࢦఆࢠ GPPBOECBS
࠷େྔࢦఆࢠͱ࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ w࠷খྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ wϚον͠ͳ͍߹ͲͪΒಉ͡ࢼߦΛߦ͏
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
wڧཉͳϚονɺఘΊͳ͍Ϛον
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
όοΫτϥοΫ
όοΫτϥοΫ D .BTBTIJ4IJOCBSB!TIJOY wϚον͕ࣦഊͨ͠߹ʹ લͷਖ਼نදݱʹΓɺผͷϚονΛߦ͏ wਖ਼͍͠ղΛಘΔ·ͰՄೳͳΈ߹ΘͤΛ ޮతʹࢼ͍ͯ͘͠ https://ja.wikipedia.org/wiki/όοΫτϥοΩϯά
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O จࣈͯ͘͠Ϛον όοΫτϥοΫ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονޭ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wҰϚονϯάͨ͠ൣғΛΞτϛοΫʹѻ͍ɺ όοΫτϥοΫͰख์͞ͳ͍ wΞτϛοΫάϧʔϓͰಉ༷ͷޮՌ Ͱಉ༷ͷޮՌ wόοΫτϥοΫൃੜΛ͑Δ
SFHVMBSFYQSFTTJPOT D .BTBTIJ4IJOCBSB!TIJOY https://regex101.com/
None
όοΫτϥοΫʹΑΔ %P4
http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
w4UBDL0WFSqPXͰؒΞΫηεෆೳ wจࣈྻલޙͷۭനΛআ͢Δਖ਼نදݱ w?<aTaVD> c<aTaVD> w ͷۭന ඌۭനҎ֎
ݕূ D .BTBTIJ4IJOCBSB!TIJOY wQSFH@SFQMBDF 1)1 w୯७Խͯ͠ɺaT ͱaT Ͱݕূ w/ݸͷۭന
`B`ʹରͯ͠ॲཧ
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT NT QSFH@SFQMBDF aT
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT aT ൺ NT aT ൺ QSFH@SFQMBDF aT
ରԠࡦ D .BTBTIJ4IJOCBSB!TIJOY wઈର࠷େྔࢦఆࢠͰόοΫτϥοΫΛ੍ wจࣈྻΛόϦσʔγϣϯͰ੍ݶ wਖ਼نදݱΛΘͳ͍ 4UBDL0WFSqPXͰͷରԠ จࣈྻؔͰஔ͑
3F%P4
3F%P4 D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱΛѱ༻ͨ͠%P4 w͔Βఏى͞Ε͍ͯͨ wϚον͠ͳ͍ύλʔϯͰ߈ܸ https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY w B w <B[";> w
BcBB w BcB w B \Y^cGPSY
BBBBBBBBBBBBBBBBBBB9 B
TUFQT ࢀߟ յ໓తͳόοΫτϥοΫ B BBBBBBBBBBBBBBBBBBB9
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY wΘ͔ͣจࣈͷจࣈྻͰ Έ߹Θͤരൃ͕ى͜Δ wྔࢦఆࢠͷೖΕࢠɺબͱྔࢦఆࢠͷೖΕࢠ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI NT NT
͍ʂʂʂ
όοΫτϥοΫ੍ݶ D .BTBTIJ4IJOCBSB!TIJOY wઃఆʹΑΔόοΫτϥοΫ੍ݶ QDSFCBDLUSBDL@MJNJUʢσϑΥϧτ ʣ w্ݶʹୡ͢ΔͱΤϥʔͰऴྃ wQSFH@NBUDI ͷΓ͕GBMTF
ΤϥʔΛࣔ͢ wQSFH@MBTU@FSSPS ͰΤϥʔίʔυऔಘ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY <?php preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX', $m); $error =
preg_last_error(); if ($error === PREG_BACKTRACK_LIMIT_ERROR) { echo 'backtrack limit error', PHP_EOL; } else if ($error > 0) { echo 'other error', PHP_EOL; } $ php redos.php backtrack limit error
1)1Ͱ࣮ߦʢ੍ݶ֎͠ʣ D .BTBTIJ4IJOCBSB!TIJOY ini_set('pcre.backtrack_limit', 10000000000); preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI
NT NT ͕͔͔࣌ؒΔ
$47ͷύʔε D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱͰ࣮ w1P$ͳ$47Λύʔε͢Δͱ 4FHNFOUBUJPO'BVMUʢ1)1ʣ wHPPECZDTWͰॻ͖ͯ͠ରԠ
·ͱΊ
·ͱΊ D .BTBTIJ4IJOCBSB!TIJOY wϚονϯάͷྲྀΕ wύϑΥʔϚϯεͷӨڹ wਖ਼نදݱΛ͋͑ͯΘͳ͍બࢶ
ࢀߟ D .BTBTIJ4IJOCBSB!TIJOY w4UBDL&YDIBOHF͕߈ܸ͞Εͨ3F%P4ͷޮՌcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUTUBDLFYDIBOHFSFEPTBUUBDL w3F%P4ͷճආcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUBWPJEJOHSFEPT
D .BTBTIJ4IJOCBSB!TIJOY !TIJOY !TIJOY D .BTBTIJ4IJOCBSB!TIJOY