title | layout | author | contributors | tags | permalink |
OWASP Validation Regex Repository |
col-sidebar |
regex, validation |
/OWASP_Validation_Regex_Repository |
{% include writers.html %}
Note: These Regexs are examples and not built for a particular Regex
engine. However, the PCRE syntax is mainly used. In particular, this
means that character classes do not contain meta characters which
need to be escaped, except the `-` and `]` character, where it is
assumed that a `-` needs not to be escaped only when it is the last
character in a character class. The character class supports
shortcut notations for other character classes like `\s` or `\w`
which should not be used as they depend on the LOCALE environment
setting in most systems.
Please carefully test the regex in your regex engine.
<?xml version="1.0"?>
<description>A valid URL per the URL spec.</description>
<description>A valid IP Address</description>
<description>A valid e-mail address</description>
<pattern><![CDATA[^[a-zA-Z0-9 .-]+$]]></pattern>
<description>Lower and upper case letters and all digits</description>
<description>Date in US format with support for leap years</description>
<description>A valid credit card number</description>
<description>4 to 8 character password requiring numbers and both lowercase and uppercase letters</description>
<description>4 to 32 character password requiring at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) and no more than 2 equal characters in a row</description>
<description>The English words representing the digits 0 to 9</description>
<description>English 2 character abbreviations for the days of the week</description>
<description>English 3 character abbreviations for the months</description>
<description>The French words representing the digits 0 to 9</description>
<description>The German words representing the digits 0 to 9</description>
<description>The Spanish words representing the digits 0 to 9</description>
<description>US zip code with optional dash-four</description>
<description>US phone number with or without dashes</description>
<description>2 letter U.S. state abbreviations</description>
<description>9 digit U.S. social security number with dashes</description>
<!-- Some additional examples that have not been vetted
// HTML HEX CODE ^#?([a-f]|[A-F]|[0-9]){3}(([a-f]|[A-F]|[0-9]){3})?$
// FLOATING POINT ^[-+]?[0-9]+[.]?[0-9]*([eE][-+]?[0-9]+)?$
// PERSON NAME ^[a-zA-Z]+(([',. -][a-zA-Z ])?[a-zA-Z]*)*$
// MAC ADDRESS ^([0-9a-fA-F][0-9a-fA-F]:){5}([0-9a-fA-F][0-9a-fA-F])$
// GUID ^[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{12}$
// IP ADDRESS ^\b((25[0-5]|2[0-4]\d|[01]\d\d|\d?\d)\.){3}(25[0-5]|2[0-4]\d|[01]\d\d|\d?\d)\b$
// IP ADDRESS (^\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b$
// REASONABLE DOMAIN NAME ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$
// RFC 1918 NON ROUTABLE IP ^(((25[0-5]|2[0-4][0-9]|19[0-1]|19[3-9]|18[0-9]|17[0-1]|17[3-9]|1[0-6][0-9]|1[1-9]|[2-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]))|(192\.(25[0-5]|2[0-4][0-9]|16[0-7]|169|1[0-5][0-9]|1[7-9][0-9]|[1-9][0-9]|[0-9]))|(172\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|1[0-5]|3[2-9]|[4-9][0-9]|[0-9])))\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$
// VALID WINDOWS FILENAME ^(?!^(PRN|AUX|CLOCK\$|NUL|CON|COM\d|LPT\d|\..*)(\..+)?$)[^\x00-\x1f\\?*:\";|/]+$
// Warning, per https://en.wikipedia.org/wiki/ReDoS the Java Classname RegEx below is vulnerable to RegExDos
// Java Classname ^(([a-z])+.)+[A-Z]([a-z])+$
// The correct RegEx for java classnames is the following one, and not vulnerable:
// Java Classname ^(([a-z])+\.)+[A-Z]([a-zA-Z])+$
// ANY PLATFORM FILENAME ^(([a-zA-Z]:|\\)\\)?(((\.)|(\.\.)|([^\\/:*?"|<>. ](([^\\/:*?"|<>. ])|([^\\/:*?"|<>]*[^\\/:*?"|<>. ]))?))\\)*[^\\/:*?"|<>. ](([^\\/:*?"|<>. ])|([^\\/:*?"|<>]*[^\\/:*?"|<>. ]))?$
Regex Library Site
http://regexlib.com: A site that has a HUGE library of regular expressions and other regex resources
Regex Tutorial Site
http://www.regular-expressions.info: A site with lots of tutorials on writing Regexs and numerous examples
Regex Construction Tool
http://www.ultrapico.com/Expresso.htm: A free regex construction tool
Regex Explanation Tool
http://rick.measham.id.au/paste/explain.pl?regex=.*: Explains in English what the supplied regex means