200 days of code, beginner track, month 5
Chapters 12, 13, 14
Ryne McCall
(a little) Security
Regular expressions
Unicode (maybe)
Security
Security spectrum
more secure
more usable
Security == Laziness
OWASP top ten
•A1-Injection
•A2-Broken Authentication and Session Management
•A3-Cross-Site Scripting (XSS)
•A4-Insecure Direct Object References
•A5-Security Misconfiguration
•A6-Sensitive Data Exposure
•A7-Missing Function Level Access Control
•A8-Cross-Site Request Forgery (CSRF)
•A9-Using Components with Known Vulnerabilities
•A10-Unvalidated Redirects and Forwards
Regular expressions
Agenda
•What are they?
•Best practices
•Problems
History
“...we saw how everyone borrowed Perl 5 compatible regular expressions, and we figured - well, you know, they're a real big mess, and we're sorry, but we're changing them now, now that you've just borrowed them.”
–Larry Wall
What are they?
PCRE functions
•preg_filter — Perform a regular expression search and replace
•preg_grep — Return array entries that match the pattern
•preg_last_error — Returns the error code of the last PCRE regex execution
•preg_match_all — Perform a global regular expression match
•preg_match — Perform a regular expression match
•preg_quote — Quote regular expression characters
•preg_replace_callback — Perform a regular expression search and replace using a callback
•preg_replace — Perform a regular expression search and replace
•preg_split — Split string by a regular expression
preg_match
int preg_match (
string $pattern ,
string $subject
[, array &$matches]
)
/………/
/app/
A. foo
B. bar
C. apple
D. app
/a|b/
A. a
B. b
C. ab
D. x
/a+/
A. a
B. aaa
C. baaab
D. b
/a*/
A. a
B. aaa
C. baaab
D. b
/^app$/
A. foo
B. bar
C. apple
D. app
/^ab?c$/
A. aac
B. abc
C. ac
D. acc
/^a.c$/
A. aac
B. abc
C. ac
D. acc
/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD
/[[:alpha:]]/ or /[A-Za-z]/
A. a
B. b
C. c
D. -
/^[[:alpha:]]+\d*$/
A. abc123
B. a
C. ~abc123~
D. 123abc
/a{2,4}/
A. a
B. aa
C. aaaa
D. b
/^([[:alpha:]]\d)+[[:alpha:]]*$/
A. a0
B. a0xyz
C. 0a1b
D. a0b1xyz
/(\d{3})-(\d{3})-(\d{4})/
Best practices
“Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.”
– Jamie Zawinski
/good text/
A. good text; evil text
B. evil text good text
C. good text'; evil text
D. good text
phone-number.php
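An added example (not the contents of the deck's phone-number.php, which this transcript does not include): it runs the four "good text" options against the unanchored pattern and an anchored one, then validates phone numbers with the slide's pattern anchored and given the D modifier. The constant and function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical names; the patterns come from the slides.

// Unanchored, as on the "good text" slide: matches anywhere in the subject.
const UNANCHORED = '/good text/';
// \A and \z pin the match to the whole subject, so nothing may surround it.
const ANCHORED = '/\Agood text\z/';

// Slide pattern /(\d{3})-(\d{3})-(\d{4})/ with anchors added.
// D makes $ match only at the very end; without it a trailing "\n" passes.
const PHONE = '/^(\d{3})-(\d{3})-(\d{4})$/D';

function parse_phone(string $input): ?array
{
    $result = preg_match(PHONE, $input, $m);
    if ($result === false) {
        // false means the engine failed (not "no match"); never accept input.
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    if ($result !== 1) {
        return null; // no match: reject
    }
    return ['area' => $m[1], 'exchange' => $m[2], 'line' => $m[3]];
}

// The four options from the "good text" slide.
$samples = [
    'good text; evil text',
    'evil text good text',
    "good text'; evil text",
    'good text',
];
foreach ($samples as $s) {
    printf("%-26s unanchored=%d anchored=%d\n", json_encode($s),
        preg_match(UNANCHORED, $s), preg_match(ANCHORED, $s));
}

// Constructed phone inputs: valid, trailing newline, appended text, no dashes.
$phones = ['555-867-5309', "555-867-5309\n", "555-867-5309'; evil text", '5558675309'];
foreach ($phones as $p) {
    echo json_encode($p), ' => ', json_encode(parse_phone($p)), "\n";
}
```

Only the exact string `good text` passes the anchored pattern, and only the first phone input is accepted; the other three return null.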
Problems
Thanks