Validation using permissive regular expression detected.

• Rule ID: php_symfony_permissive_regex_validation
• Languages: php
• Source: permissive_regex_validation.yml

Description

Validations using regular expressions should use the start of text (\A) and end of text (\z or \Z) boundaries.

Remediations

❌ Avoid matching without start and end boundaries:

#[Assert\Regex('/foo/')]
protected string $attribute;

❌ Avoid using line-based boundaries:

#[Assert\Regex('/^foo$/')]
protected string $attribute;

✅ Use whole-text boundaries:

#[Assert\Regex('/\Afoo\z/')]
protected string $attribute;

Resources

• Symfony validation

Associated CWE

• CWE-625: Permissive Regular Expression

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_symfony_permissive_regex_validation

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_symfony_permissive_regex_validation