0

I have the following regular expression in our Rails code:

```ruby
validates :what_is_the_break_divers_creed,
format: { with: /^No[\s]*Rules[\s]*\.?[\s]*No[\s]*Excuses[\s]*\.?[\s]*No[\s]*Regrets[\s]*\.?\z/i }
```

I am receiving the following error:

```
The provided regular expression is using multiline anchors (^ or $),
which may present a security risk. Did you mean to use \A and \z,
or forgot to add the :multiline => true option?
```

I do have the `\z` tag, but is it conflicting with the `/i` tag? Do you see anything wrong with this regular expression that we are doing incorrectly? Why does it think we are using multiline anchors? Are we? Would `\A\z` solve the issue? Should I remove the `^`? It seems like it may, but I can't say for certain due to another issue in the same model that we are also working on.

I have read through many other rails regex issues here on S.O., but don't seem to find one that matches the above situation precisely.

Thank you for your help!

Monroe Mann
  • 1
    I don't know Rails, but the message seems to be suggesting that you replace `^` with `\A`. `i` has nothing to do with this. `^` and `$` normally mean start and end of line (in `m` mode); however, in non-multiline mode they mean start and end of the whole string. I guess Rails thinks this difference may cause potential confusion, hence the warning/error. However, I don't know which kind of security risk is at play here; I would be glad to be enlightened by Rails/regex experts. – InSync Jul 08 '23 at 00:31
  • 1
    Also, `[\s]` is unnecessary; just use `\s` directly. – InSync Jul 08 '23 at 00:33

1 Answer

0

Not sure why, but the following worked. I had to do both of the following to get it to work:

a) changing the enum to:

```ruby
enum status: { Submitted: 0, Accepted: 1, Refused: 2, NeedsRevision: 3, Edited: 4 }, _prefix: true
```

b) changing the regex to include \A\z and removing the ^ from the front as follows:

```ruby
validates :what_is_the_break_divers_creed,
format: { with: /No[\s]*Rules[\s]*\.?[\s]*No[\s]*Excuses[\s]*\.?[\s]*No[\s]*Regrets[\s]*\.?\A\z/i }
```

I haven't checked to see if the regular expression actually works, but at least I have the form working again. But the curious thing is: I don't know why. Could the bad regular expression code have been interfering with _prefix: true? And once I fixed the regular expression, the _prefix: true code worked?

But I'm still unclear why this enum conflict error appeared in the first place... Anyone know?

Monroe Mann
  • 1
    This regex will *never* work. `\A` denotes the start of string, whereas `\z` denotes the end. You cannot match anything before `\A` nor anything after `\z`. – InSync Jul 08 '23 at 00:34
  • But it does work on https://regexr.com/ when the regex is like this: `^No[\s]*Rules[\s]*\.?[\s]*No[\s]*Excuses[\s]*\.?[\s]*No[\s]*Regrets[\s]*\.?/i` But it doesn't work in the rails app. Only on regexr. Sigh... Any thoughts? I am simply trying to match ANY permutation of No Rules. No Excuses. No Regrets. with or without punctuation, with or without spaces, case insensitive. But it must be spelled correctly, and must be in the right order. – Monroe Mann Jul 08 '23 at 00:51
  • This is working a bit better: `/No\s*Rules\s*\.?\s*No\s*Excuses\s*\.?\s*No\s*Regrets\s*\.?/i` – Monroe Mann Jul 08 '23 at 00:53
  • 1
    See [this question](https://stackoverflow.com/q/4389644) then. TLDR: [`\A(?=.*\bNo\s*Rules\.)(?=.*\bNo\s*Excuses\.)(?=.*\bNo\s*Regrets\.)`](https://rubular.com/r/pHUH7XOmqi1vN0) or a variation thereof. – InSync Jul 08 '23 at 00:56
  • Thanks for the above. The above regex that I shared above is finally working. I will try yours too as a backup. Thanks for your help! Getting rid of the brackets helped greatly. – Monroe Mann Jul 08 '23 at 01:03
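
An added Ruby example, not part of the original posts, showing what the error in the question guards against: in Ruby `^` matches at the start of any line, so a pattern anchored with `^ ... \z` accepts a value that has extra text on an earlier line, while `\A ... \z` does not. The names `CREED`, `PATTERNS`, `SAMPLES`, `multiline_anchors?`, `accepts?` and `results` are assumptions made for this example, and `multiline_anchors?` is a simplified stand-in for the check the error message describes, not Rails' own code.

```ruby
# Added example, not code from the question or the answer.
# Ruby's ^ and $ match at every line boundary; \A and \z match only at the
# start and end of the whole string.

# The creed pattern from the thread, with [\s] written as \s.
CREED = 'No\s*Rules\s*\.?\s*No\s*Excuses\s*\.?\s*No\s*Regrets\s*\.?'

PATTERNS = {
  line_anchored:   /^#{CREED}\z/i,   # the question's regex: ^ ... \z
  string_anchored: /\A#{CREED}\z/i,  # what the error message suggests
  anchors_at_end:  /#{CREED}\A\z/i   # anchor placement from the answer
}.freeze

# Constructed sample inputs (not taken from the page).
SAMPLES = [
  "No Rules. No Excuses. No Regrets.",
  "norules noexcuses noregrets",
  "No Rules. No Regrets.",
  "anything at all\nNo Rules. No Excuses. No Regrets."
].freeze

# Hypothetical helper: a simplified stand-in for the check described by the
# error message (pattern starts with ^ or ends with an unescaped $).
def multiline_anchors?(regex)
  src = regex.source
  src.start_with?("^") || (src.end_with?("$") && !src.end_with?("\\$"))
end

# A format validation passes when the pattern matches somewhere in the value.
def accepts?(name, value)
  PATTERNS.fetch(name).match?(value)
end

# Returns { pattern name => [true/false per sample] }.
def results
  PATTERNS.keys.to_h { |name| [name, SAMPLES.map { |s| accepts?(name, s) }] }
end

if __FILE__ == $PROGRAM_NAME
  PATTERNS.each { |name, re| puts "#{name}: flagged=#{multiline_anchors?(re)}" }
  results.each { |name, row| puts "#{name}: #{row.inspect}" }
end
```

The last sample is the case that matters: the line-anchored pattern accepts it even though the value does not start with the creed, and the pattern with `\A\z` at the end accepts nothing at all.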