Re-introduction to Regular Expressions (正規表現再入門) / introduction-to-regex

shin1x1
November 03, 2016

2016/11/03 PHP Conference 2016


Transcript

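  1. Re-introduction to Regular Expressions (@shin1x1, 2016/11/03, PHP Conference)

  2. 詳細正規表現 (Regular Expressions in Detail); 正規表現技術入門 (Introduction to Regular Expression Techniques)

  3. Agenda ((c) Masashi Shinbara @shin1x1)
     - Regular expressions in PHP
     - Matching
     - Backtracking
     - ReDoS

  4. Regular expressions in PHP

  5. Regular expressions in PHP
     - PCRE: the preg family
     - POSIX regular expressions: the ereg family (deprecated in PHP …, removed in …)
     - Oniguruma: the mb_ereg family

  7. Main uses of regular expressions
     - Testing whether a string matches
     - Getting the matched parts of a string
     - Replacing the matched parts of a string
     - Splitting a string at the matched parts

  8. Main uses of regular expressions
     - Testing whether there is a match
     - Getting the matched parts
       preg_match(), preg_match_all(), preg_grep()
     - Replacing the matched parts
       preg_replace(), preg_filter()
     - Splitting a string at the matched parts
       preg_split()
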
  9. Matching

  10. Characteristics of matching
      - The regex engine is a hard worker
      - The first match wins
      - Standard quantifiers are greedy

  11. Characteristics of matching: longest, leftmost matching

  12. The regex engine is a hard worker
      - It tries every pattern it can until something matches; once something matches, it stops
      - If none of the possible patterns match, the match fails
      - When the match fails, the amount of processing can become enormous

  13. Example: a string containing `a`, matched against `\d…`

  14. `\d…` matches …

  15. … and `a` do not match

  16. `\d…` matches … (backtrack)

  17. … and … do not match

  18. Advance through the string; `\d…` matches …

  19. … and `a` do not match

  20. Advancing through the string, nothing is left for `\d…` to match: match failure

  21. The first match wins
      - The leftmost match in the string takes priority (the place that matches first)
      - It is not decided by the order of the alternatives in the regex

  22. PenPineappleApplePen

  23. PenPineappleApplePen / `^Pen`: matches

  24. PenPineappleApplePen / `Pen`

  25. PenPineappleApplePen / `Pen`: the match on the left side of the string takes priority (matching ends with the upper pattern)

  26. PenPineappleApplePen / `Apple|Pen`

  27. PenPineappleApplePen / `Apple|Pen`

  28. PenPineappleApplePen / `Apple|Pen`: the match on the left side of the string takes priority

  29. Standard quantifiers are greedy
      - Standard quantifiers match the longest possible text
      - By default they behave as greedy (maximal) quantifiers

  30. Quantifiers
      - Indicate repetition of the preceding pattern
      - `*`, `+`, `?`, `{n,m}`
      - `a+` matches "a", "aab", "caaaab" and so on

  31. PenPineappleApplePen / `P…n`: … or more times

  32. PenPineappleApplePen / `P…n`

  33. PenPineappleApplePen / `P…n`: standard quantifiers match the longest

  34. PenPineappleApplePen / `P…n`: … or more times

  35. PenPineappleApplePen / `P…n`: … or … times

  37. PenPineappleApplePen / `P…{…}n`: at least … and at most … times

  38. PenPineappleApplePen / `P…{…}n`: at least … and at most … times

  39. Quantifier matching modes
      - Greedy (maximal) quantifiers (the default)
      - Lazy (minimal) quantifiers
      - Possessive quantifiers

  40. Greedy quantifiers
      - The default behaviour of quantifiers
      - `*`, `+`, `?`, `{n,m}`
      - Longest match, a greedy match

  41. Lazy quantifiers
      - Specified by appending `?` to a quantifier
      - `*?`, `+?`, `??`, `{n,m}?`
      - Shortest match, a reserved match

  42. PenPineappleApplePen / `P…n`: matches the longest

  43. PenPineappleApplePen / `P…n`: matches the shortest

  44. foo and bar: we want to match foo

  45. Greedy quantifier: foo and bar

  46. `[^…]…`, a repetition of anything other than …: foo and bar

  47. Lazy quantifier: foo and bar

  48. Greedy and lazy quantifiers
      - Greedy quantifiers try from the longest match
      - Lazy quantifiers try from the shortest match
      - When nothing matches, both make the same attempts

  49. Possessive quantifiers
      - Specified by appending `+` to a quantifier
      - `*+`, `++`, `?+`, `{n,m}+`
      - An avaricious match, a match that does not give up

  50. PenPineappleApplePen / `P…n`: match fails

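  51. Backtracking

  52. Backtracking
      - When a match fails, go back to the previous part of the regex and try a different match
      - Efficiently tries the possible combinations until a correct solution is found
      https://ja.wikipedia.org/wiki/バックトラッキング

  53. PenPineappleApplePen / `P…n`: matches

  54. PenPineappleApplePen / `P…n`: matches

  55. PenPineappleApplePen / `P…n`: `n` against end of line, so no match

  56. PenPineappleApplePen / `P…n`: shorten the match by … character and match again (backtrack)

  57. PenPineappleApplePen / `P…n`: match succeeds

  58. PenPineappleApplePen / `P…n`: matches

  59. PenPineappleApplePen / `P…n`: matches; the matched range is treated atomically

  60. PenPineappleApplePen / `P…n`: `n` against end of line, so no match

  61. PenPineappleApplePen / `P…n`: the part matched by … is not explored again; the regex is matched again from `P`

  62. PenPineappleApplePen / `P…n`: matches; the matched range is treated atomically

  63. PenPineappleApplePen / `P…n`: `n` against end of line, so no match

  64. PenPineappleApplePen / `P…n`: the part matched by … is not explored again; the regex is matched again from `P`

  65. PenPineappleApplePen / `P…n`: matches; the matched range is treated atomically

  66. PenPineappleApplePen / `P…n`: `n` against end of line, so no match

  67. PenPineappleApplePen / `P…n`: match fails

  68. Possessive quantifiers
      - A range that has matched once is treated atomically and is not released by backtracking
      - An atomic group has the same effect
      - Keeps the number of backtracks down

  69. regular expressions 101: https://regex101.com/
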
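  71. DoS through backtracking

  72. http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016

  73. - Stack Overflow was unreachable for … minutes
      - A regular expression that strips whitespace from the start and end of a string
      - `^[\s\u200c]+|[\s\u200c]+$`
      - … whitespace characters, with a non-whitespace character at the end

  74. Verification
      - preg_replace(), PHP …
      - Simplified for the test to two `\s…` patterns
      - Run against N spaces followed by `a`

  75. [Table: preg_replace() with `\s…`, time in ms by input size (N spaces + a), for two PHP versions]

  76. [Table: as on slide 75, with the ratio between the two `\s…` patterns]

  77. Countermeasures
      - Suppress backtracking with possessive quantifiers
      - Limit the string length through validation
      - Do not use a regular expression
        Stack Overflow's fix: replaced it with string functions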

  78. ReDoS

  79. ReDoS
      - A DoS that abuses regular expressions
      - Raised as a problem since …
      - Attacks with patterns that do not match
      https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf

  80. https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf

  81. Evil Regex Patterns
      - `(a+)+`
      - `([a-zA-Z]+)*`
      - `(a|aa)+`
      - `(a|a?)+`
      - `(.*a){x}` for x > 10

  82. `aaaaaaaaaaaaaaaaaaaX` against `(a+)+`

  83. … steps. Reference: catastrophic backtracking. `(a+)+` against `aaaaaaaaaaaaaaaaaaaX`

  84. Evil Regex Patterns
      - Even a string of only … characters causes a combinatorial explosion
      - Nested quantifiers; alternation nested inside a quantifier

  85. Running it in PHP

          preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX');

      [Table: preg_match() time in ms for two PHP versions] Fast!!!

  86. Backtrack limit
      - Backtracking is limited by configuration: pcre.backtrack_limit (default: …)
      - When the limit is reached, matching ends with an error
      - preg_match() returns false to indicate the error
      - Get the error code with preg_last_error()

  87. Running it in PHP

          <?php
          // Nested quantifier against a subject that cannot match
          preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX', $m);

          // Tell a backtrack-limit abort apart from other PCRE errors
          $error = preg_last_error();
          if ($error === PREG_BACKTRACK_LIMIT_ERROR) {
              echo 'backtrack limit error', PHP_EOL;
          } else if ($error > 0) {
              echo 'other error', PHP_EOL;
          }

          $ php redos.php
          backtrack limit error

  88. Running it in PHP (limit lifted)

          ini_set('pcre.backtrack_limit', 10000000000);
          preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX');

      [Table: preg_match() time in ms for two PHP versions] Takes a long time.

  89. Parsing CSV
      - Implemented with regular expressions
      - Parsing a PoC CSV causes a Segmentation Fault (PHP …)
      - Addressed by a rewrite in goodby/csv

  90. Summary

  91. Summary
      - The flow of matching
      - The impact on performance
      - The option of deliberately not using a regular expression

  92. References
      - "The effect of the ReDoS that attacked StackExchange", yohgaki's blog (blog.ohgaki.net)
      - "Avoiding ReDoS", yohgaki's blog (blog.ohgaki.net)

  93. @shin1x1
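
The backtrack-limit check from slide 87 and the countermeasures from slide 77 (possessive quantifier or atomic group, length validation) combined in one added example; it is not code from the slides. `match_status()` and `MAX_LEN` are hypothetical names, the 1024-byte cap is an assumed application limit, and the subject strings are constructed.

```php
<?php
// Added example, not code from the slides.
// match_status() and MAX_LEN are hypothetical names; 1024 is an assumed limit.
const MAX_LEN = 1024;

/**
 * Run preg_match() and report the outcome as a string, keeping "no match" (0)
 * apart from an engine failure (false). A loose `if (!preg_match(...))`
 * treats an aborted match exactly like a clean non-match.
 */
function match_status(string $pattern, string $subject): string
{
    if (strlen($subject) > MAX_LEN) {
        return 'rejected: too long';      // validate length before the engine sees the input
    }
    $result = preg_match($pattern, $subject);
    if ($result === false) {
        $code = preg_last_error();
        return $code === PREG_BACKTRACK_LIMIT_ERROR
            ? 'error: backtrack limit'
            : "error: PCRE code $code";   // e.g. PREG_JIT_STACKLIMIT_ERROR when JIT is on
    }
    return $result === 1 ? 'match' : 'no match';
}

// Constructed input: a run of "a" ended by a character that makes the match fail.
$subject = str_repeat('a', 29) . 'X';

$patterns = [
    'greedy, nested'   => '/(a+)+$/',    // the pattern run on the slides
    'possessive inner' => '/(a++)+$/',   // a++ never hands characters back
    'atomic group'     => '/(?>a+)+$/',  // same effect written as an atomic group
];

foreach ($patterns as $label => $pattern) {
    $start  = microtime(true);
    $status = match_status($pattern, $subject);
    $ms     = (microtime(true) - $start) * 1000;
    printf("%-17s %-12s %-23s %.1f ms\n", $label, $pattern, $status, $ms);
}

// Oversized input is turned away without running the pattern at all.
echo match_status('/(a+)+$/', str_repeat('a', 5000) . 'X'), PHP_EOL;
```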