logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

When-not-to-use-a-regex.md (2568B)

    

  1. ---
  2. date: 2017-08-13
  3. layout: post
  4. title: When not to use a regex
  5. tags: [regex]
  6. ---
  8. The other day, I saw [Learn regex the easy
  9. way](https://github.com/zeeshanu/learn-regex). This is a great resource, but I
  10. felt the need to pen a post explaining that regexes are usually not the right
  11. approach.
  13. Let's do a little exercise. I googled "URL regex" and here's the first Stack
  14. Overflow result:
  16. ```
  17. https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)
  18. ```
  20. <p style="text-align: right">
  21. <small><a href="https://stackoverflow.com/a/3809435/1191610">source</a></small>
  22. </p>
  24. This is a bad regex. Here are some valid URLs that this regex fails to match:
  26. - http://x.org
  27. - http://nic.science
  28. - http://名がドメイン.com (warning: this is a parked domain)
  29. - http://example.org/url,with,commas
  30. - https://en.wikipedia.org/wiki/Harry_Potter_(film_series)
  31. - http://127.0.0.1
  32. - http://[::1] (ipv6 loopback)
  34. Here are some invalid URLs the regex is fine with:
  36. - http://exam..ple.org
  37. - http://--example.org
  39. This answer has been revised 9 times on Stack Overflow, and this is the best
  40. they could come up with. Go back and read the regex. Can you tell where each of
  41. these bugs are? How long did it take you? If you received a bug report in your
  42. application because one of these URLs was handled incorrectly, do you understand
  43. this regex well enough to fix it? If your application has a URL regex, go find
  44. it and see how it fares with these tests.
  46. Complicated regexes are opaque, unmaintainable, and often wrong. The correct
  47. approach to validating a URL is as follows:
  49. ```python
  50. from urllib.parse import urlparse
  52. def is_url_valid(url):
  53.     try:
  54.         urlparse(url)
  55.         return True
  56.     except:
  57.         return False
  58. ```
  60. A regex is useful for validating *simple* patterns and for *finding* patterns in
  61. text. For anything beyond that it's almost certainly a terrible choice. Say you
  62. want to...
  64. **validate an email address**: try to send an email to it!
  66. **validate password strength requirements**: estimate the complexity with
  67. [zxcvbn](https://github.com/dropbox/zxcvbn)!
  69. **validate a date**: use your standard library!
  70. [datetime.datetime.strptime](https://docs.python.org/3.6/library/datetime.html#datetime.datetime.strptime)
  72. **validate a credit card number**: run the [Luhn
  73. algorithm](https://en.wikipedia.org/wiki/Luhn_algorithm) on it!
  75. **validate a social security number**: alright, use a regex. But don't expect
  76. the number to be assigned to someone until you ask the Social Security
  77. Administration about it!
  79. Get the picture?