From b57f4c6f039baa72e2bd5b75fd8de77e1b9228e3 Mon Sep 17 00:00:00 2001
From: Goran Seric
Date: Sat, 27 Feb 2021 20:13:09 +0100
Subject: [PATCH] Fix regex injection (#1079)

Closes #1078
---
 src/Definition/Value/FixtureMatchReferenceValue.php | 6 +++---
 tests/Definition/Value/FixtureMatchReferenceValueTest.php | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/Definition/Value/FixtureMatchReferenceValue.php b/src/Definition/Value/FixtureMatchReferenceValue.php
index c119f6d36..04c702aff 100644
--- a/src/Definition/Value/FixtureMatchReferenceValue.php
+++ b/src/Definition/Value/FixtureMatchReferenceValue.php
@@ -38,19 +38,19 @@ public function __construct(string $pattern)
 */
 public static function createWildcardReference(string $reference): self
 {
- return new self(sprintf('/^%s.*/', $reference));
+ return new self(sprintf('/^%s.*/', preg_quote($reference, '/')));
 }
 
 public function match(string $value): bool
 {
 return 1 === preg_match($this->pattern, $value);
 }
-
+
 public function getValue(): string
 {
 return $this->pattern;
 }
-
+
 public function __toString(): string
 {
 return sprintf('@(regex: %s)', $this->pattern);
diff --git a/tests/Definition/Value/FixtureMatchReferenceValueTest.php b/tests/Definition/Value/FixtureMatchReferenceValueTest.php
index 721effce9..ac12c8107 100644
--- a/tests/Definition/Value/FixtureMatchReferenceValueTest.php
+++ b/tests/Definition/Value/FixtureMatchReferenceValueTest.php
@@ -56,4 +56,10 @@ public function testCanBeCastedIntoAString(): void
 $value = FixtureMatchReferenceValue::createWildcardReference('dummy');
 static::assertEquals('@(regex: /^dummy.*/)', (string) $value);
 }
+
+ public function testReferenceIsRegexEscaped(): void
+ {
+ $value = FixtureMatchReferenceValue::createWildcardReference('du/m*m+y.ref[ere]n(c)e');
+ static::assertEquals('/^du\\/m\\*m\\+y\\.ref\\[ere\\]n\\(c\\)e.*/', $value->getValue());
+ }
 }
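Review bot: In src/Definition/Value/FixtureMatchReferenceValue.php, `match()` still evaluates `1 === preg_match($this->pattern, $value)`, so a pattern that fails to compile or hits a PCRE limit is reported as an ordinary non-match instead of an error. The `preg_quote($reference, '/')` call covers only `createWildcardReference()`; the constructor named in the hunk header takes a raw `$pattern`, so callers that assemble a pattern themselves are presumably still responsible for their own escaping. I would state that in the factory's docblock, e.g. `@param string $reference Literal prefix; regex metacharacters are escaped before the pattern is built`, and have `match()` treat a `false` result from `preg_match()` as a failure rather than folding it into `false`. The class and the docblock both begin outside this hunk.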
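Review bot: `testReferenceIsRegexEscaped()` in tests/Definition/Value/FixtureMatchReferenceValueTest.php pins only the generated pattern string, not that the resulting pattern matches the reference literally. Behavioural assertions through `match()` would cover what the fix is for: `static::assertTrue($value->match('du/m*m+y.ref[ere]n(c)e_1'));` and `static::assertFalse($value->match('du/m*m+yXref[ere]n(c)e'));`. The second assertion fails if `.` is ever left unescaped, which a string comparison on `getValue()` alone would only catch indirectly. The test class begins outside the hunk.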