Open BarryStokes opened 7 years ago
The regex looks to be too open and validates anything which has the required number of numbers and dashes but doesn't check for additional data in the string, so things like the following would all pass validation:
"{{00000000-0000-0000-0000-000000000000}}"
"blah{00000000-0000-0000-0000-000000000000}"
"00000000-0000-0000-0000-000000000000n"
If it was changed to the following it might validate better:
m_guidRegex = new Regex("^\\{[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}\\}$");
or
m_guidRegex = new Regex("^\\{{0,1}[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}\\}{0,1}$");
if there was a need to pass as valid a string which wasn't bounded by curly braces.
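The following C# program is an added example, not code from the project or from the issue author. It runs the three strings from the report, plus two constructed edge cases, against both proposed patterns. The `Unanchored` pattern is an assumption standing in for the project's current regex, which is not shown on this page, and `Strict` is a hypothetical variant that requires braces to be paired and uses `\A`...`\z`, because in .NET `$` also matches just before a final newline.

```csharp
using System;
using System.Text.RegularExpressions;

static class GuidRegexCheck
{
    const string Body =
        "[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}";

    // Assumption: stand-in for the current pattern (same body, no anchors).
    static readonly Regex Unanchored = new Regex(Body);
    // First pattern proposed in the issue: braces required.
    static readonly Regex Braced = new Regex("^\\{" + Body + "\\}$");
    // Second pattern proposed in the issue: each brace independently optional.
    static readonly Regex OptionalBraces = new Regex("^\\{{0,1}" + Body + "\\}{0,1}$");
    // Hypothetical stricter variant: both braces or neither, nothing after the value.
    static readonly Regex Strict = new Regex("\\A(?:\\{" + Body + "\\}|" + Body + ")\\z");

    static void Main()
    {
        const string g = "00000000-0000-0000-0000-000000000000";
        string[] samples =
        {
            "{" + g + "}",       // well-formed, braced
            g,                   // well-formed, bare
            "{{" + g + "}}",     // from the issue
            "blah{" + g + "}",   // from the issue
            g + "n",             // from the issue
            "{" + g,             // constructed: unpaired opening brace
            "{" + g + "}\n",     // constructed: trailing newline
        };

        const string row = "{0,-44}{1,-12}{2,-8}{3,-10}{4}";
        Console.WriteLine(row, "input", "unanchored", "braced", "optional", "strict");
        foreach (var s in samples)
        {
            Console.WriteLine(row, s.Replace("\n", "\\n"),
                Unanchored.IsMatch(s), Braced.IsMatch(s),
                OptionalBraces.IsMatch(s), Strict.IsMatch(s));
        }
    }
}
```

The last two rows are the ones to look at: the optional-brace pattern accepts a value with only one brace, and both `$`-anchored patterns accept a value followed by a newline.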