Merge pull request #95 from Koan-Bot/koan.atoomic/validate-regex-search

atoomic · web-flow · commit 452449e43044 · 2026-03-15T08:10:34.000-06:00
diff --git a/src/lib/GrepCpan/Grep.pm b/src/lib/GrepCpan/Grep.pm
@@ -232,6 +232,26 @@ sub _get_git_grep_flavor($s) {
     return q{-P};
 }
 
+# Validate a search string as a PCRE pattern.
+# Returns undef if valid, or the error message if invalid.
+sub _validate_pcre_pattern($s) {
+    return undef unless defined $s;
+    return undef if _get_git_grep_flavor($s) eq q{--fixed-string};
+
+    local $@;
+    eval {
+        no warnings 'regexp';    # user patterns may have unescaped braces
+        qr/$s/;
+    };
+    if ($@) {
+        my $err = $@;
+        $err =~ s{ at .+ line \d+.*}{}s;    # strip Perl location info
+        $err =~ s{^\s+|\s+$}{}g;
+        return $err;
+    }
+    return undef;
+}
+
 # idea use git rev-parse HEAD to include it in the cache name
 
 sub do_search ( $self, %opts ) {
@@ -250,6 +270,28 @@ sub do_search ( $self, %opts ) {
 
     $search = _sanitize_search($search);
 
+    # Validate regex before running git grep — invalid PCRE would silently
+    # return empty results, confusing users.
+    if ( my $regex_error = _validate_pcre_pattern($search) ) {
+        my $elapsed = sprintf( "%.3f",
+            Time::HiRes::tv_interval( $t0, [Time::HiRes::gettimeofday] ) );
+        return {
+            is_incomplete      => 0,
+            search_in_progress => 0,
+            match              => { files => 0, distros => 0 },
+            adjusted_request   => {
+                q => {
+                    error => "Invalid regular expression: $regex_error",
+                    value => $search,
+                },
+            },
+            results           => [],
+            time_elapsed      => $elapsed,
+            is_a_known_distro => 0,
+            version           => $self->current_version(),
+        };
+    }
+
     my $results = $self->_do_search(%opts);
 
     my $cache             = $results->{cache};
diff --git a/src/t/GrepCpan-Grep-validate-regex.t b/src/t/GrepCpan-Grep-validate-regex.t
@@ -0,0 +1,55 @@
+use strict;
+use warnings;
+
+use Test2::Bundle::Extended;
+use Test2::Tools::Explain;
+use Test2::Plugin::NoWarnings;
+
+use GrepCpan::Grep;
+
+# Valid patterns — _validate_pcre_pattern returns undef
+my @valid = (
+    q{\d+},
+    q{[a-z]+},
+    q{\bfoo\b},
+    q{foo(bar)?},
+    q{\(\{\d+(,\d+)?\}},
+    q{open\(},
+    q{^start},
+    q{end$},
+    q{a|b|c},
+);
+
+# Fixed-string searches — always valid (skipped by validator)
+my @fixed = (
+    undef,
+    q{hello world},
+    q{simple},
+);
+
+# Invalid PCRE patterns — returns an error string
+my @invalid = (
+    q{open(},          # unmatched paren
+    q{[unclosed},      # unmatched bracket
+    q{*greedy},        # quantifier without target
+    q{+also bad},      # quantifier without target
+    q{(?P<broken},     # incomplete named group
+);
+
+for my $pattern (@valid) {
+    is GrepCpan::Grep::_validate_pcre_pattern($pattern), undef,
+        "valid PCRE: $pattern";
+}
+
+for my $pattern (@fixed) {
+    is GrepCpan::Grep::_validate_pcre_pattern($pattern), undef,
+        "fixed-string (skipped): " . ( $pattern // 'undef' );
+}
+
+for my $pattern (@invalid) {
+    my $err = GrepCpan::Grep::_validate_pcre_pattern($pattern);
+    ok defined $err, "invalid PCRE detected: $pattern";
+    ok length($err) > 0, "error message is not empty for: $pattern";
+}
+
+done_testing;
