fix: Sanitize URI regular expressions (OID & License Plate) (#9)

edurodriguesdias · web-flow · commit 29e0957dffc1 · 2024-03-21T17:56:26.000-03:00
* fix: regex to catch OID longer than 24 caracteres

* fix: license plate regex

- License plate is considered valid if it has 7 or 8 numbers
diff --git a/src/Support/Uri.php b/src/Support/Uri.php
@@ -18,8 +18,8 @@ public static function sanitize(string $uri): string
         return preg_replace(
             [
                 '/\/(?<=\/)([A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12})(?=\/)?/i',
-                '/\/(?<=\/)([A-Z]{3}-?\d[0-9A-Z]\d{2})(?=\/)?/i',
-                '/\/(?<=\/)[0-9A-F]{24}(?=\/)?/i',
+                '/\/(?<=\/)((?=.{7,8}$)|(?=.{7,8}\/))([A-Z]{3}-?\d[0-9A-Z]\d{2})/i',
+                '/\/(?<=\/)[0-9A-F]{24,}(?=\/)?/i',
                 '/\/(?<=\/)\d+(?=\/)?/',
             ],
             [
diff --git a/tests/UriTest.php b/tests/UriTest.php
@@ -49,6 +49,7 @@ public function testSanitizeLicensePlatesStrings(): void
         self::assertSame('/v7/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>', Uri::sanitize('/v7/test/PET9349/PET9349/PET9349'));
         self::assertSame('/v8/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>/', Uri::sanitize('/v8/test/PET9D49/PET9D49/PET9D49/'));
         self::assertSame('/v8/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>/', Uri::sanitize('/v8/test/PET9349/PET9349/PET9349/'));
+        self::assertSame('/v8/test/PET9349FOOBAR/foo/<LICENSE-PLATE>', Uri::sanitize('/v8/test/PET9349FOOBAR/foo/PET9349'));
     }
 
     public function testClearUriUuids(): void
@@ -68,6 +69,7 @@ public function testClearUriUuids(): void
     public function testClearUriOids(): void
     {
         $oid = '650229807612bba4984d1fc7';
+        $oidLonger = 'ddb21302b3c66b5111bb99a907f783e2a29947f0';
 
         self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
         self::assertSame('/v2/test/<OID>', Uri::sanitize("/v2/test/{$oid}"));
@@ -77,5 +79,7 @@ public function testClearUriOids(): void
         self::assertSame('/v6/test/<OID>/<OID>/', Uri::sanitize("/v6/test/{$oid}/{$oid}/"));
         self::assertSame('/v7/test/<OID>/<OID>/<OID>', Uri::sanitize("/v7/test/{$oid}/{$oid}/{$oid}"));
         self::assertSame('/v8/test/<OID>/<OID>/<OID>/', Uri::sanitize("/v8/test/{$oid}/{$oid}/{$oid}/"));
+        self::assertSame('/v2/token/<OID>/foo/<OID>', Uri::sanitize("/v2/token/{$oidLonger}/foo/{$oid}"));
+        self::assertSame('/v3/token/<OID>/foo/<OID>/bar', Uri::sanitize("/v3/token/$oidLonger/foo/{$oid}/bar"));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -18,8 +18,8 @@ public static function sanitize(string $uri): string`
`18`	`18`	`return preg_replace(`
`19`	`19`	`[`
`20`	`20`	`'/\/(?<=\/)([A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12})(?=\/)?/i',`
`21`		`- '/\/(?<=\/)([A-Z]{3}-?\d[0-9A-Z]\d{2})(?=\/)?/i',`
`22`		`- '/\/(?<=\/)[0-9A-F]{24}(?=\/)?/i',`
	`21`	`+ '/\/(?<=\/)((?=.{7,8}$)\|(?=.{7,8}\/))([A-Z]{3}-?\d[0-9A-Z]\d{2})/i',`
	`22`	`+ '/\/(?<=\/)[0-9A-F]{24,}(?=\/)?/i',`
`23`	`23`	`'/\/(?<=\/)\d+(?=\/)?/',`
`24`	`24`	`],`
`25`	`25`	`[`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ public function testSanitizeLicensePlatesStrings(): void`
`49`	`49`	`self::assertSame('/v7/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>', Uri::sanitize('/v7/test/PET9349/PET9349/PET9349'));`
`50`	`50`	`self::assertSame('/v8/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>/', Uri::sanitize('/v8/test/PET9D49/PET9D49/PET9D49/'));`
`51`	`51`	`self::assertSame('/v8/test/<LICENSE-PLATE>/<LICENSE-PLATE>/<LICENSE-PLATE>/', Uri::sanitize('/v8/test/PET9349/PET9349/PET9349/'));`
	`52`	`+ self::assertSame('/v8/test/PET9349FOOBAR/foo/<LICENSE-PLATE>', Uri::sanitize('/v8/test/PET9349FOOBAR/foo/PET9349'));`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`public function testClearUriUuids(): void`
`@@ -68,6 +69,7 @@ public function testClearUriUuids(): void`
`68`	`69`	`public function testClearUriOids(): void`
`69`	`70`	`{`
`70`	`71`	`$oid = '650229807612bba4984d1fc7';`
	`72`	`+ $oidLonger = 'ddb21302b3c66b5111bb99a907f783e2a29947f0';`
`71`	`73`
`72`	`74`	`self::assertSame('/v1/test', Uri::sanitize('/v1/test'));`
`73`	`75`	`self::assertSame('/v2/test/<OID>', Uri::sanitize("/v2/test/{$oid}"));`
`@@ -77,5 +79,7 @@ public function testClearUriOids(): void`
`77`	`79`	`self::assertSame('/v6/test/<OID>/<OID>/', Uri::sanitize("/v6/test/{$oid}/{$oid}/"));`
`78`	`80`	`self::assertSame('/v7/test/<OID>/<OID>/<OID>', Uri::sanitize("/v7/test/{$oid}/{$oid}/{$oid}"));`
`79`	`81`	`self::assertSame('/v8/test/<OID>/<OID>/<OID>/', Uri::sanitize("/v8/test/{$oid}/{$oid}/{$oid}/"));`
	`82`	`+ self::assertSame('/v2/token/<OID>/foo/<OID>', Uri::sanitize("/v2/token/{$oidLonger}/foo/{$oid}"));`
	`83`	`+ self::assertSame('/v3/token/<OID>/foo/<OID>/bar', Uri::sanitize("/v3/token/$oidLonger/foo/{$oid}/bar"));`
`80`	`84`	`}`
`81`	`85`	`}`