Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
正規表現再入門/introduction-to-regex
Search
shin1x1
November 03, 2016
Programming
6
13k
正規表現再入門/introduction-to-regex
2016/11/03 PHPカンファレンス2016
shin1x1
November 03, 2016
Tweet
Share
More Decks by shin1x1
See All by shin1x1
php-fpm がリクエスト処理する仕組みを追う / Tracing-How-php-fpm-Handles-Requests
shin1x1
6
3.5k
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
3
2.1k
PHPコードの実行モデルを理解する / Understanding-the-PHP-Execution-Model
shin1x1
2
2.6k
制約の力 - 状態を限定する -
shin1x1
6
5.2k
Apple Silicon Mac 時代の PHP 開発環境構築 2021 / php-dev-env-on-m1-mac-era
shin1x1
2
4.7k
Docker イメージのマルチアーキテクチャビルド / docker-muti-arch-build
shin1x1
1
490
Domain modeling with PHP / domain-modeling-with-php-en
shin1x1
1
270
ドメインをモデリングしてPHPコードに落とし込む / domain-modeling-with-php8
shin1x1
15
7.3k
PHP 8 で作る JSON パーサ / php8-json-parser
shin1x1
2
3.9k
Other Decks in Programming
See All in Programming
WebViewの現在地 - SwiftUI時代のWebKit - / The Current State Of WebView
marcy731
0
100
PostgreSQLのRow Level SecurityをPHPのORMで扱う Eloquent vs Doctrine #phpcon #track2
77web
2
410
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
slecache
0
120
datadog dash 2025 LLM observability for reliability and stability
ivry_presentationmaterials
0
350
明示と暗黙 ー PHPとGoの インターフェイスの違いを知る
shimabox
2
380
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
49
32k
AWS CDKの推しポイント 〜CloudFormationと比較してみた〜
akihisaikeda
3
320
PHPでWebSocketサーバーを実装しよう2025
kubotak
0
240
AIエージェントはこう育てる - GitHub Copilot Agentとチームの共進化サイクル
koboriakira
0
480
技術同人誌をMCP Serverにしてみた
74th
1
450
What Spring Developers Should Know About Jakarta EE
ivargrimstad
0
350
既存デザインを変更せずにタップ領域を広げる方法
tahia910
1
260
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Visualization
eitanlees
146
16k
The Cult of Friendly URLs
andyhume
79
6.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Git: the NoSQL Database
bkeepers
PRO
430
65k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Transcript
ɹ!shin1x1 2016//03 PHPΧϯϑΝϨϯε ਖ਼نදݱ࠶ೖ
ৄࡉਖ਼نදݱ ਖ਼نදݱٕज़ೖ
D .BTBTIJ4IJOCBSB!TIJOY "HFOEB w1)1ͷਖ਼نදݱ wϚονϯά wόοΫτϥοΫ w3F%P4
1)1ͷਖ਼نදݱ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
1)1ͷਖ਼نදݱ D .BTBTIJ4IJOCBSB!TIJOY w1$3& QSFHܥ w104*9ਖ਼نදݱ FSFHܥʢ1)1ͰඇਪɺͰഇࢭʣ wَं NC@FSFHܥ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻ͕Ϛον͢Δ͔Ͳ͏͔ͷผ wจࣈྻ͔ΒϚονͨ͠Օॴͷऔಘ wจࣈྻͷϚονͨ͠ՕॴΛஔ wϚονͨ͠ՕॴͰจࣈྻΛׂ
ਖ਼نදݱͷओͳར༻༻్ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ͔Ͳ͏͔ͷผ wϚονͨ͠Օॴͷऔಘ QSFH@NBUDI QSFH@NBUDI@BMM QSFH@HSFQ wϚονͨ͠Օॴͷஔ
QSFH@SFQMBDF QSFH@pMUFS wϚονͨ͠ՕॴͰจࣈྻΛׂ QSFH@TQMJU
Ϛονϯά
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ
Ϛονϯάͷಛ D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱؤுΓ w࠷ॳʹϚονͨ͠ͷ͕༏ઌ wඪ४ͷྔࢦఆࢠཉுΓʢHSFFEZʣ ࠷࠷ࠨϚονϯά
ਖ਼نදݱؤுΓ D .BTBTIJ4IJOCBSB!TIJOY wϚον͢Δ·ͰऔΓಘΔશͯͷύλʔϯΛࢼߦ Ϛον͢Εऴྃ wऔΓಘΔશͯͷύλʔϯ͕Ϛον͠ͳ͍ Ϛονࣦഊ wϚονࣦഊͷ߹ɺॲཧྔ͕େʹͳΔՄೳੑ
B aE
B aE aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE aE ΛͰϚον όοΫτϥοΫ
B aE ͱϚον͠ͳ͍
B aE จࣈྻΛਐΊͯ aE ΛͰϚον
B aE ͱBϚον͠ͳ͍
B aE จࣈྻΛਐΊΔͱ aE ͕Ϛον͢Δͷ͕ແ͍ Ϛονࣦഊ
࠷ॳʹϚονͨ͠ͷ͕༏ઌ D .BTBTIJ4IJOCBSB!TIJOY wจࣈྻͰ࠷ࠨʹ͋ΔϚον͕༏ઌ ʢ࠷ॳʹϚονͨ͠Օॴʣ wਖ਼نදݱʢબʣͷฒͼͰͳ͍
1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO ?1FO Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ ʢ্ͷύλʔϯͰऴྃʣ 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO "QQMFc1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO จࣈྻͷࠨଆͰϚονͨ͠ͷ͕༏ઌ
ඪ४ͷྔࢦఆࢠཉுΓ D .BTBTIJ4IJOCBSB!TIJOY wඪ४ͷྔࢦఆࢠɺ࠷ʹϚον wσϑΥϧτͰ࠷େྔࢦఆࢠͱͯ͠ಈ͘
ྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wલͷύλʔϯͷ܁Γฦ͠Λࣔ͢ w ɺ ɺ ɺ\O N^ wB
ͳΒʮBʯʮBBCʯʮDBBBBCʯͳͲʹϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ඪ४ͷྔࢦఆࢠ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ճҎ্
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1FO1JOFBQQMF"QQMF1FO 1 O ͘͠ճ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O ճҎ্ճҎԼ 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO
1\ ^O 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO 1FO1JOFBQQMF"QQMF1FO ճҎ্ճҎԼ
ྔࢦఆࢠͷϚονϯάύλʔϯ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠʢσϑΥϧτʣ w࠷খྔࢦఆࢠ wઈର࠷େྔࢦఆࢠ
࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠσϑΥϧτͷಈ͖ w \O N^ w࠷ʹϚονɺཉுΓͳϚον
࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
w࠷খͷϚονɺ߇͑ΊͳϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
1FO1JOFBQQMF"QQMF1FO 1 O ࠷ͰϚον
GPPBOECBS GPPΛϚον͍ͨ͠
࠷େྔࢦఆࢠ GPPBOECBS
<?> Ҏ֎ͷ܁Γฦ͠ GPPBOECBS
࠷খྔࢦఆࢠ GPPBOECBS
࠷େྔࢦఆࢠͱ࠷খྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY w࠷େྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ w࠷খྔࢦఆࢠ࠷Ұக͔Βࢼߦ͍ͯ͘͠ wϚον͠ͳ͍߹ͲͪΒಉ͡ࢼߦΛߦ͏
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wྔࢦఆࢠʹ Λ͚ͯࢦఆ w ɺ ɺ ɺ\O N^
wڧཉͳϚονɺఘΊͳ͍Ϛον
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
όοΫτϥοΫ
όοΫτϥοΫ D .BTBTIJ4IJOCBSB!TIJOY wϚον͕ࣦഊͨ͠߹ʹ લͷਖ਼نදݱʹΓɺผͷϚονΛߦ͏ wਖ਼͍͠ղΛಘΔ·ͰՄೳͳΈ߹ΘͤΛ ޮతʹࢼ͍ͯ͘͠ https://ja.wikipedia.org/wiki/όοΫτϥοΩϯά
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O จࣈͯ͘͠Ϛον όοΫτϥοΫ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονޭ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O ͰϚονͨ͠Օॴͷ࠶୳ࠪߦΘͣɺ ਖ਼نදݱΛ1͔ΒϚον͢͠
1FO1JOFBQQMF"QQMF1FO 1 O Ϛον͢Δ Ϛονͨ͠ൣғΛΞτϛοΫʹѻ͏
1FO1JOFBQQMF"QQMF1FO 1 O OͱߦͳͷͰ Ϛον͠ͳ͍
1FO1JOFBQQMF"QQMF1FO 1 O Ϛονࣦഊ
ઈର࠷େྔࢦఆࢠ D .BTBTIJ4IJOCBSB!TIJOY wҰϚονϯάͨ͠ൣғΛΞτϛοΫʹѻ͍ɺ όοΫτϥοΫͰख์͞ͳ͍ wΞτϛοΫάϧʔϓͰಉ༷ͷޮՌ Ͱಉ༷ͷޮՌ wόοΫτϥοΫൃੜΛ͑Δ
SFHVMBSFYQSFTTJPOT D .BTBTIJ4IJOCBSB!TIJOY https://regex101.com/
None
όοΫτϥοΫʹΑΔ %P4
http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
w4UBDL0WFSqPXͰؒΞΫηεෆೳ wจࣈྻલޙͷۭനΛআ͢Δਖ਼نදݱ w?<aTaVD> c<aTaVD> w ͷۭന ඌۭനҎ֎
ݕূ D .BTBTIJ4IJOCBSB!TIJOY wQSFH@SFQMBDF 1)1 w୯७Խͯ͠ɺaT ͱaT Ͱݕূ w/ݸͷۭന
`B`ʹରͯ͠ॲཧ
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT NT QSFH@SFQMBDF aT
/TQBDFT B 1)1 1)1 NT NT NT
NT NT NT NT aT ൺ NT aT ൺ QSFH@SFQMBDF aT
ରԠࡦ D .BTBTIJ4IJOCBSB!TIJOY wઈର࠷େྔࢦఆࢠͰόοΫτϥοΫΛ੍ wจࣈྻΛόϦσʔγϣϯͰ੍ݶ wਖ਼نදݱΛΘͳ͍ 4UBDL0WFSqPXͰͷରԠ จࣈྻؔͰஔ͑
3F%P4
3F%P4 D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱΛѱ༻ͨ͠%P4 w͔Βఏى͞Ε͍ͯͨ wϚον͠ͳ͍ύλʔϯͰ߈ܸ https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
https://www.checkmarx.com/wp-content/uploads/2015/03/ReDoS-Attacks.pdf
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY w B w <B[";> w
BcBB w BcB w B \Y^cGPSY
BBBBBBBBBBBBBBBBBBB9 B
TUFQT ࢀߟ յ໓తͳόοΫτϥοΫ B BBBBBBBBBBBBBBBBBBB9
&WJM3FHFY1BUUFSOT D .BTBTIJ4IJOCBSB!TIJOY wΘ͔ͣจࣈͷจࣈྻͰ Έ߹Θͤരൃ͕ى͜Δ wྔࢦఆࢠͷೖΕࢠɺબͱྔࢦఆࢠͷೖΕࢠ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI NT NT
͍ʂʂʂ
όοΫτϥοΫ੍ݶ D .BTBTIJ4IJOCBSB!TIJOY wઃఆʹΑΔόοΫτϥοΫ੍ݶ QDSFCBDLUSBDL@MJNJUʢσϑΥϧτ ʣ w্ݶʹୡ͢ΔͱΤϥʔͰऴྃ wQSFH@NBUDI ͷΓ͕GBMTF
ΤϥʔΛࣔ͢ wQSFH@MBTU@FSSPS ͰΤϥʔίʔυऔಘ
1)1Ͱ࣮ߦ D .BTBTIJ4IJOCBSB!TIJOY <?php preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX', $m); $error =
preg_last_error(); if ($error === PREG_BACKTRACK_LIMIT_ERROR) { echo 'backtrack limit error', PHP_EOL; } else if ($error > 0) { echo 'other error', PHP_EOL; } $ php redos.php backtrack limit error
1)1Ͱ࣮ߦʢ੍ݶ֎͠ʣ D .BTBTIJ4IJOCBSB!TIJOY ini_set('pcre.backtrack_limit', 10000000000); preg_match('/(a+)+$/', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaX'); 1)1 1)1 QSFH@NBUDI
NT NT ͕͔͔࣌ؒΔ
$47ͷύʔε D .BTBTIJ4IJOCBSB!TIJOY wਖ਼نදݱͰ࣮ w1P$ͳ$47Λύʔε͢Δͱ 4FHNFOUBUJPO'BVMUʢ1)1ʣ wHPPECZDTWͰॻ͖ͯ͠ରԠ
·ͱΊ
·ͱΊ D .BTBTIJ4IJOCBSB!TIJOY wϚονϯάͷྲྀΕ wύϑΥʔϚϯεͷӨڹ wਖ਼نදݱΛ͋͑ͯΘͳ͍બࢶ
ࢀߟ D .BTBTIJ4IJOCBSB!TIJOY w4UBDL&YDIBOHF͕߈ܸ͞Εͨ3F%P4ͷޮՌcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUTUBDLFYDIBOHFSFEPTBUUBDL w3F%P4ͷճආcZPIHBLJTCMPH IUUQTCMPHPIHBLJOFUBWPJEJOHSFEPT
D .BTBTIJ4IJOCBSB!TIJOY !TIJOY !TIJOY D .BTBTIJ4IJOCBSB!TIJOY