Pattern is not a valid PCRE regular expression

Issue ID: semantic-pattern-incorrect-pcre

Description

One or more strings in your API define a pattern that is not a valid Perl Compatible Regular Expression (PCRE) and does not conform to the syntax that the PCRE library accepts.

The OpenAPI Specification defines the pattern format as ECMAScript. 42Crunch API Security Platform uses PCRE1 compiled with the PCRE_JAVASCRIPT_COMPAT option, which follows ECMAScript syntax for constructs where ECMAScript and PCRE differ, such as the support of \U and \u for Unicode.

For more details, see PCRE - Perl Compatible Regular Expressions.

Example

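The following is an example of how this type of risk could look in your API definition. The character class [a-Z] is an out-of-order range, because a (0x61) comes after Z (0x5A) in code point order, so the pattern does not compile: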

{
    "parameters": {
        "in": "query",
        "name": "id",
        "type": "string",
        "description": "Identifier of the object to be extracted.",
        "pattern": "^[a-Z]{10,20}$",
        "minLength": 10
    }
}

Remediation

Make sure that all regular expressions in your API are valid PCRE regular expressions, for example:

{
    "parameters": {
        "in": "query",
        "name": "id",
        "type": "string",
        "description": "Identifier of the object to be extracted.",
        "pattern": "^[a-z]{25,40}$",
        "minLength": 25,
        "maxLength": 40
    }
}
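
One way to check this before submitting a definition is to walk it and try to compile every pattern. The script below is an added example, not 42Crunch code: it assumes the local ECMAScript engine is an acceptable stand-in for PCRE1 in JavaScript-compatibility mode, and the sample definition (including the /objects path and the ref parameter) is constructed from the two patterns shown on this page.

```javascript
// Added example. Assumption: the local ECMAScript engine (RegExp without
// flags) stands in for PCRE1 in JavaScript-compatibility mode.

// Escape a key for use in a JSON Pointer (RFC 6901): "~" -> "~0", "/" -> "~1".
const escapeKey = (key) => key.replace(/~/g, "~0").replace(/\//g, "~1");

// Recursively collect every string-valued "pattern" that fails to compile.
// Object.entries also iterates arrays, yielding their indices as keys.
function findInvalidPatterns(node, pointer = "#") {
  const findings = [];
  if (node === null || typeof node !== "object") return findings;
  for (const [key, value] of Object.entries(node)) {
    const here = `${pointer}/${escapeKey(key)}`;
    if (key === "pattern" && typeof value === "string") {
      try {
        new RegExp(value);
      } catch (err) {
        findings.push({ pointer: here, pattern: value, error: err.message });
      }
    } else {
      findings.push(...findInvalidPatterns(value, here));
    }
  }
  return findings;
}

// Constructed sample: the invalid and the corrected pattern from this page.
const sampleDefinition = {
  paths: {
    "/objects": {
      get: {
        parameters: [
          { in: "query", name: "id", type: "string",
            pattern: "^[a-Z]{10,20}$", minLength: 10 },
          { in: "query", name: "ref", type: "string",
            pattern: "^[a-z]{25,40}$", minLength: 25, maxLength: 40 },
        ],
      },
    },
  },
};

for (const f of findInvalidPatterns(sampleDefinition)) {
  console.log(`${f.pointer}: ${f.pattern} -> ${f.error}`);
}
```

Any string-valued key named pattern is checked, including one that happens to sit inside an example or default payload, so review each finding by its pointer.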