This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Validation Regex Repository"
From OWASP
(Added 7xxx Credit Card number for store cards. Added underscore to email address. Added AE and AP states.) |
|||
| Line 3: | Line 3: | ||
<regex> | <regex> | ||
<name>url</name> | <name>url</name> | ||
| − | <pattern>^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:|news:))(%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$</pattern> | + | <pattern>^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:|news:)) |
| + | (%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$</pattern> | ||
<description></description> | <description></description> | ||
</regex> | </regex> | ||
| Line 39: | Line 40: | ||
<regex> | <regex> | ||
<name>state</name> | <name>state</name> | ||
| − | <pattern>^(AE|AL|AK|AP|AS|AZ|AR|CA|CO|CT|DE|DC|FM|FL|GA|GU|HI|ID|IL|IN|IA|KS|KY|LA|ME|MH|MD|MA|MI|MN|MS|MO|MP|MT|NE|NV|NH|NJ|NM|NY|NC|ND|OH|OK|OR|PW|PA|PR|RI|SC|SD|TN|TX|UT|VT|VI|VA|WA|WV|WI|WY)$</pattern> | + | <pattern>^(AE|AL|AK|AP|AS|AZ|AR|CA|CO|CT|DE|DC|FM|FL|GA|GU|HI|ID|IL|IN|IA|KS|KY|LA|ME|MH|MD |
| + | |MA|MI|MN|MS|MO|MP|MT|NE|NV|NH|NJ|NM|NY|NC|ND|OH|OK|OR|PW|PA|PR|RI|SC|SD|TN|TX|UT|VT|VI|VA| | ||
| + | WA|WV|WI|WY)$</pattern> | ||
<description>Two letter state abbreviations</description> | <description>Two letter state abbreviations</description> | ||
</regex> | </regex> | ||
| Line 45: | Line 48: | ||
<regex> | <regex> | ||
<name>date</name> | <name>date</name> | ||
| − | <pattern>^(?:(?:(?:0?[13578]|1[02])(\/|-|\.)31)\1|(?:(?:0?[1,3-9]|1[0-2])(\/|-|\.)(?:29|30)\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:0?2(\/|-|\.)29\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:(?:0?[1-9])|(?:1[0-2]))(\/|-|\.)(?:0?[1-9]|1\d|2[0-8])\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$</pattern> | + | <pattern>^(?:(?:(?:0?[13578]|1[02])(\/|-|\.)31)\1|(?:(?:0?[1,3-9]|1[0-2])(\/|-|\.) |
| + | (?:29|30)\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:0?2(\/|-|\.)29\3(?:(?:(?:1[6-9]|[2-9]\d)? | ||
| + | (?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:(?:0?[1-9])| | ||
| + | (?:1[0-2]))(\/|-|\.)(?:0?[1-9]|1\d|2[0-8])\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$</pattern> | ||
<description>Date in US format with support for leap years</description> | <description>Date in US format with support for leap years</description> | ||
</regex> | </regex> | ||
| Line 58: | Line 64: | ||
<name>password</name> | <name>password</name> | ||
<pattern>^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$</pattern> | <pattern>^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$</pattern> | ||
| − | <description>4 to 8 character password requiring numbers | + | <description>4 to 8 character password requiring numbers and both lowercase and uppercase letters</description> |
</regex> | </regex> | ||
| Line 87: | Line 93: | ||
// ANY PLATFORM FILENAME ^(([a-zA-Z]:|\\)\\)?(((\.)|(\.\.)|([^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?))\\)*[^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?$ | // ANY PLATFORM FILENAME ^(([a-zA-Z]:|\\)\\)?(((\.)|(\.\.)|([^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?))\\)*[^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?$ | ||
--> | --> | ||
| − | |||
[[Category:OWASP Validation Project]] | [[Category:OWASP Validation Project]] | ||
Revision as of 22:13, 12 March 2009
<?xml version="1.0"?> <regex> <name>url</name> <pattern>^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:%7Cnews:)) (%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,]blank:)?$</pattern> <description></description> </regex> <regex> <name>email</name> <pattern>^[\w\-\+\&\*]+(?:\.[\w\-\_\+\&\*]+)*@(?:[\w-]+\.)+[a-zA-Z]{2,7}$</pattern> <description></description> </regex> <regex> <name>safetext</name> <pattern>^[a-zA-Z0-9\s.\-]+$</pattern> <description>Lower and upper case letters and all digits</description> </regex> <regex> <name>digitwords</name> <pattern>^(zero|one|two|three|four|five|six|seven|eight|nine)$</pattern> <description>The English words representing the digits 0 to 9</description> </regex> <regex> <name>zip</name> <pattern>^\d{5}(-\d{4})?$</pattern> <description>US zip code with optional dash-four</description> </regex> <regex> <name>phone</name> <pattern>^\D?(\d{3})\D?\D?(\d{3})\D?(\d{4})$</pattern> <description>US phone number with or without dashes</description> </regex> <regex> <name>state</name> <pattern>^(AE|AL|AK|AP|AS|AZ|AR|CA|CO|CT|DE|DC|FM|FL|GA|GU|HI|ID|IL|IN|IA|KS|KY|LA|ME|MH|MD |MA|MI|MN|MS|MO|MP|MT|NE|NV|NH|NJ|NM|NY|NC|ND|OH|OK|OR|PW|PA|PR|RI|SC|SD|TN|TX|UT|VT|VI|VA| WA|WV|WI|WY)$</pattern> <description>Two letter state abbreviations</description> </regex> <regex> <name>date</name> <pattern>^(?:(?:(?:0?[13578]|1[02])(\/|-|\.)31)\1|(?:(?:0?[1,3-9]|1[0-2])(\/|-|\.) (?:29|30)\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:0?2(\/|-|\.)29\3(?:(?:(?:1[6-9]|[2-9]\d)? (?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:(?:0?[1-9])| (?:1[0-2]))(\/|-|\.)(?:0?[1-9]|1\d|2[0-8])\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$</pattern> <description>Date in US format with support for leap years</description> </regex> <regex> <name>creditcard</name> <pattern>^((4\d{3})|(5[1-5]\d{2})|(6011)|(7\d{3}))-?\d{4}-?\d{4}-?\d{4}|3[4,7]\d{13}$</pattern> <description></description> </regex> <regex> <name>password</name> <pattern>^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$</pattern> <description>4 to 8 character password requiring numbers and both lowercase and uppercase letters</description> </regex> <regex> <name>ssn</name> <pattern>^\d{3}-\d{2}-\d{4}$</pattern> <description>9 digit social security number with dashes</description> </regex> <regex> <name>monthwords</name> <pattern>^(Jan|Feb|Mar|Apr|May|Jun|Jul|Apr|Sep|Oct|Nov|Dec)$</pattern> <description>3 character abbreviations for the months</description> </regex> <!— Some additional examples that have not been vetted // HTML HEX CODE ^#?([a-f]|[A-F]|[0-9]){3}(([a-f]|[A-F]|[0-9]){3})?$ // FLOATING POINT ^[-+]?[0-9]+[.]?[0-9]*([eE][-+]?[0-9]+)?$ // PERSON NAME ^[a-zA-Z]+(([\'\,\.\- ][a-zA-Z ])?[a-zA-Z]*)*$ // MAC ADDRESS ^([0-9a-fA-F][0-9a-fA-F]:){5}([0-9a-fA-F][0-9a-fA-F])$ // GUID ^[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{12}$ // IP ADDRESS ^\b((25[0-5]|2[0-4]\d|[01]\d\d|\d?\d)\.){3}(25[0-5]|2[0-4]\d|[01]\d\d|\d?\d)\b$ // REASONABLE DOMAIN NAME ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$ // RFC 1918 NON ROUTABLE IP ^(((25[0-5]|2[0-4][0-9]|19[0-1]|19[3-9]|18[0-9]|17[0-1]|17[3-9]|1[0-6][0-9]|1[1-9]|[2-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]))|(192\.(25[0-5]|2[0-4][0-9]|16[0-7]|169|1[0-5][0-9]|1[7-9][0-9]|[1-9][0-9]|[0-9]))|(172\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|1[0-5]|3[2-9]|[4-9][0-9]|[0-9])))\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$ // VALID WINDOWS FILENAME ^(?!^(PRN|AUX|CLOCK\$|NUL|CON|COM\d|LPT\d|\..*)(\..+)?$)[^\x00-\x1f\\?*:\";|/]+$ // Java Classname ^(([a-z])+.)+[A-Z]([a-z])+$ // ANY PLATFORM FILENAME ^(([a-zA-Z]:|\\)\\)?(((\.)|(\.\.)|([^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?))\\)*[^\\/:\*\?"\|<>\. ](([^\\/:\*\?"\|<>\. ])|([^\\/:\*\?"\|<>]*[^\\/:\*\?"\|<>\. ]))?$ -->
