Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
正規表現再入門/introduction-to-regex
Search
shin1x1
November 03, 2016
Programming
5
13k
正規表現再入門/introduction-to-regex
2016/11/03 PHPカンファレンス2016
shin1x1
November 03, 2016
Tweet
Share
More Decks by shin1x1
See All by shin1x1
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
3
1.8k
PHPコードの実行モデルを理解する / Understanding-the-PHP-Execution-Model
shin1x1
1
2.3k
制約の力 - 状態を限定する -
shin1x1
4
4.7k
Apple Silicon Mac 時代の PHP 開発環境構築 2021 / php-dev-env-on-m1-mac-era
shin1x1
2
4.6k
Docker イメージのマルチアーキテクチャビルド / docker-muti-arch-build
shin1x1
1
480
Domain modeling with PHP / domain-modeling-with-php-en
shin1x1
0
240
ドメインをモデリングしてPHPコードに落とし込む / domain-modeling-with-php8
shin1x1
14
7.1k
PHP 8 で作る JSON パーサ / php8-json-parser
shin1x1
1
3.7k
Kubernetes で構築する PHP 開発環境 / php-development-environment-on-kubernetes
shin1x1
3
4.9k
Other Decks in Programming
See All in Programming
DevNexus - Create AI Infused Java Apps with LangChain4j
kdubois
0
140
Lambdaの監視、できてますか?Datadogを用いてLambdaを見守ろう
nealle
2
820
Domain-Driven Design (Tutorial)
hschwentner
13
22k
Better Code Design in PHP
afilina
0
190
Serverless Rust: Your Low-Risk Entry Point to Rust in Production (and the benefits are huge)
lmammino
1
170
もう少しテストを書きたいんじゃ〜 #phpstudy
o0h
PRO
21
4.4k
[JAWS DAYS 2025] 最近の DB の競合解決の仕組みが分かった気になってみた
maroon1st
0
190
PHPカンファレンス名古屋2025 タスク分解の試行錯誤〜レビュー負荷を下げるために〜
soichi
1
760
やっと腹落ち「スプリント毎に動くモノをリリースする」〜ゼロから始めるメガバンクグループのアジャイル実践〜
sasakendayo
0
210
責務と認知負荷を整える! 抽象レベルを意識した関心の分離
yahiru
9
1.6k
機能が複雑化しても 頼りになる FactoryBotの話
tamikof
1
260
kintone開発を効率化するためにチームで試した施策とその結果を大放出!
oguemon
0
370
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Side Projects
sachag
452
42k
Git: the NoSQL Database
bkeepers
PRO
429
65k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Unsuck your backbone
ammeep
669
57k
Typedesign – Prime Four
hannesfritz
41
2.5k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Transcript
ɹ!shin1x1 2016//03 PHPΧϯϑΝϨϯε ਖ਼نදݱ࠶ೖ
ৄࡉਖ਼نදݱ ਖ਼نදݱٕज़ೖ
D .BTBTIJ4IJOCBSB!TIJOY "HFOEB w1)1ͷਖ਼نදݱ wϚονϯά wόοΫτϥοΫ w3F%P4
1)1ͷਖ਼نදݱ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻ͕Ϛον͢Δ͔Ͳ͏͔ͷผ wจࣈྻ͔ΒϚονͨ͠Օॴͷऔಘ wจࣈྻͷϚονͨ͠ՕॴΛஔ wϚονͨ͠ՕॴͰจࣈྻΛׂ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ͔Ͳ͏͔ͷผ wϚονͨ͠Օॴͷऔಘ QSFH@NBUDI QSFH@NBUDI@BMM QSFH@HSFQ wϚονͨ͠Օॴͷஔ
QSFH@SFQMBDF QSFH@pMUFS wϚονͨ͠ՕॴͰจࣈྻΛׂ QSFH@TQMJU
Ϛονϯά
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ ࠷࠷ࠨϚονϯά
ਖ਼نදݱؤுΓ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ·ͰऔΓಘΔશͯͷύλʔϯΛࢼߦ Ϛον͢Εऴྃ wऔΓಘΔશͯͷύλʔϯ͕Ϛον͠ͳ͍ Ϛονࣦഊ wϚονࣦഊͷ߹ɺॲཧྔ͕େʹͳΔՄೳੑ
B aE
B aE aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE aE ΛͰϚον όοΫτϥοΫ
B aE ͱϚον͠ͳ͍
B aE จࣈྻΛਐΊͯ aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE จࣈྻΛਐΊΔͱ aE ͕Ϛον͢Δͷ͕ແ͍ Ϛονࣦഊ
࠷ॳʹϚονͨ͠ͷ͕༏ઌ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻͰ࠷ࠨʹ͋ΔϚον͕༏ઌ ʢ࠷ॳʹϚονͨ͠Օॴʣ wਖ਼نදݱʢબʣͷฒͼͰͳ͍
1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO ?1FO Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ ʢ্ͷύλʔϯͰऴྃʣ 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ
ඪ४ͷྔࢦఆࢠཉுΓ D .BTBTIJ4IJOCBSB!TIJOY wඪ४ͷྔࢦఆࢠɺ࠷ʹϚον wσϑΥϧτͰ࠷େྔࢦఆࢠͱͯ͠ಈ͘
ྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wલͷύλʔϯͷ܁Γฦ͠Λࣔ͢ w ɺ ɺ ɺ\O N^ wB
ͳΒʮBʯʮBBCʯʮDBBBBCʯͳͲʹϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ඪ४ͷྔࢦఆࢠ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O ճҎ্ճҎԼ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO ճҎ্ճҎԼ
ྔࢦఆࢠͷϚονϯάύλʔϯ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠʢσϑΥϧτʣ w࠷খྔࢦఆࢠ wઈର࠷େྔࢦఆࢠ
࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠσϑΥϧτͷಈ͖ w \O N^ w࠷ʹϚονɺཉுΓͳϚον
࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
w࠷খͷϚονɺ߇͑ΊͳϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
GPPBOECBS GPPΛϚον͍ͨ͠
࠷େྔࢦఆࢠ GPPBOECBS
<?> Ҏ֎ͷ܁Γฦ͠ GPPBOECBS
࠷খྔࢦఆࢠ GPPBOECBS
࠷େྔࢦఆࢠͱ࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ w࠷খྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ wϚον͠ͳ͍߹ͲͪΒಉ͡ࢼߦΛߦ͏
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
wڧཉͳϚονɺఘΊͳ͍Ϛον
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
όοΫτϥοΫ
όοΫτϥοΫ D .BTBTIJ4IJOCBSB!TIJOY wϚον͕ࣦഊͨ͠߹ʹ લͷਖ਼نදݱʹΓɺผͷϚονΛߦ͏ wਖ਼͍͠ղΛಘΔ·ͰՄೳͳΈ߹ΘͤΛ ޮతʹࢼ͍ͯ͘͠ https://ja.wikipedia.org/wiki/όοΫτϥοΩϯά
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O จࣈͯ͘͠Ϛον όοΫτϥοΫ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονޭ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wҰϚονϯάͨ͠ൣғΛΞτϛοΫʹѻ͍ɺ όοΫτϥοΫͰख์͞ͳ͍ wΞτϛοΫάϧʔϓͰಉ༷ͷޮՌ Ͱಉ༷ͷޮՌ wόοΫτϥοΫൃੜΛ͑Δ
SFHVMBSFYQSFTTJPOT D .BTBTIJ4IJOCBSB!TIJOY https://regex101.com/
None
όοΫτϥοΫʹΑΔ %P4
http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
w4UBDL0WFSqPXͰؒΞΫηεෆೳ wจࣈྻલޙͷۭനΛআ͢Δਖ਼نදݱ w?<aTaVD> c<aTaVD> w ͷۭന ඌۭനҎ֎
ݕূ D .BTBTIJ4IJOCBSB!TIJOY wQSFH@SFQMBDF 1)1 w୯७Խͯ͠ɺaT ͱaT Ͱݕূ w/ݸͷۭന
`B`ʹରͯ͠ॲཧ
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT NT QSFH@SFQMBDF aT
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT aT ൺ NT aT ൺ QSFH@SFQMBDF aT
ରԠࡦ D .BTBTIJ4IJOCBSB!TIJOY wઈର࠷େྔࢦఆࢠͰόοΫτϥοΫΛ੍ wจࣈྻΛόϦσʔγϣϯͰ੍ݶ wਖ਼نදݱΛΘͳ͍ 4UBDL0WFSqPXͰͷରԠ จࣈྻؔͰஔ͑
3F%P4
3F%P4 D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱΛѱ༻ͨ͠%P4 w͔Βఏى͞Ε͍ͯͨ wϚον͠ͳ͍ύλʔϯͰ߈ܸ https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY w B w <B[";> w
BcBB w BcB w B \Y^cGPSY
BBBBBBBBBBBBBBBBBBB9 B
TUFQT ࢀߟ յ໓తͳόοΫτϥοΫ B BBBBBBBBBBBBBBBBBBB9
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY wΘ͔ͣจࣈͷจࣈྻͰ Έ߹Θͤരൃ͕ى͜Δ wྔࢦఆࢠͷೖΕࢠɺબͱྔࢦఆࢠͷೖΕࢠ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI NT NT
͍ʂʂʂ
όοΫτϥοΫ੍ݶ D .BTBTIJ4IJOCBSB!TIJOY wઃఆʹΑΔόοΫτϥοΫ੍ݶ QDSFCBDLUSBDL@MJNJUʢσϑΥϧτ ʣ w্ݶʹୡ͢ΔͱΤϥʔͰऴྃ wQSFH@NBUDI ͷΓ͕GBMTF
ΤϥʔΛࣔ͢ wQSFH@MBTU@FSSPS ͰΤϥʔίʔυऔಘ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY <?php preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX', $m); $error =
preg_last_error(); if ($error === PREG_BACKTRACK_LIMIT_ERROR) { echo 'backtrack limit error', PHP_EOL; } else if ($error > 0) { echo 'other error', PHP_EOL; } $ php redos.php backtrack limit error
1)1Ͱ࣮ߦʢ੍ݶ֎͠ʣ D .BTBTIJ4IJOCBSB!TIJOY ini_set('pcre.backtrack_limit', 10000000000); preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI
NT NT ͕͔͔࣌ؒΔ
$47ͷύʔε D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱͰ࣮ w1P$ͳ$47Λύʔε͢Δͱ 4FHNFOUBUJPO'BVMUʢ1)1ʣ wHPPECZDTWͰॻ͖ͯ͠ରԠ
·ͱΊ
·ͱΊ D .BTBTIJ4IJOCBSB!TIJOY wϚονϯάͷྲྀΕ wύϑΥʔϚϯεͷӨڹ wਖ਼نදݱΛ͋͑ͯΘͳ͍બࢶ
ࢀߟ D .BTBTIJ4IJOCBSB!TIJOY w4UBDL&YDIBOHF͕߈ܸ͞Εͨ3F%P4ͷޮՌcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUTUBDLFYDIBOHFSFEPTBUUBDL w3F%P4ͷճආcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUBWPJEJOHSFEPT
D .BTBTIJ4IJOCBSB!TIJOY !TIJOY !TIJOY D .BTBTIJ4IJOCBSB!TIJOY