Regular Expressions 101

Save & Share

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

$re = '/##\s(.)*?\\\\n/m'; $str = '## Overview\\nAffected versions of [deep-extend](https://www.npmjs.com/package/deep-extend) are vulnerable to Prototype Pollution. Utilities function in all the listed modules can be tricked into modifying the prototype of \\"Object\\" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object.\\n\\n## PoC by HoLyVieR\\n```js\\nvar merge = require(\'deep-extend\');\\nvar malicious_payload = \'{\\"__proto__\\":{\\"oops\\":\\"It works !\\"}}\';\\n\\nvar a = {};\\nconsole.log(\\"Before : \\" + a.oops);\\nmerge({}, JSON.parse(malicious_payload));\\nconsole.log(\\"After : \\" + a.oops);\\n```\\n\\n## Remediation\\nUpgrade `deep-extend` to version 0.5.1 or higher.\\n\\n## References\\n- [HackerOne Report](https://hackerone.com/reports/311333)\\n- [GitHub Commit](https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f)\\n- [GitHub PR](https://github.com/unclechu/node-deep-extend/pull/40)\\n- [GitHub Issue](https://github.com/unclechu/node-deep-extend/issues/39)'; preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0); // Print the entire match result var_dump($matches);

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php