Implement regex validation conditions in form logic

[chiragchhatrala]

• Added support for 'matches_regex' and 'does_not_match_regex' conditions in FormPropertyLogicRule and FormLogicConditionChecker.
• Updated validation logic to handle regex patterns, including error handling for invalid patterns.
• Enhanced tests to cover scenarios for successful and failed regex validation, ensuring proper feedback for form submissions.
• Updated JSON schema to include new regex condition types.

These changes improve the flexibility of form validation by allowing regex-based conditions, enhancing user experience through more robust validation mechanisms.

Summary by CodeRabbit

• New Features

  • Introduced regex-based comparators for form logic: matches_regex and does_not_match_regex.
  • Enhanced form submission logic to support regex validation conditions.
  • Expanded filtering capabilities for text fields with new regex comparators.

• Bug Fixes

  • Improved error handling for regex operations during form validation.

• Tests

  • Added new test cases for form submissions with regex validation, including handling invalid regex patterns.

[coderabbitai]

Warning

Rate limit exceeded

@chiragchhatrala has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 3 minutes and 40 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 2dd69d1 and 59eb540.

📒 Files selected for processing (1)

• api/app/Service/Forms/FormLogicConditionChecker.php (1 hunks)

Walkthrough

The pull request introduces enhancements to the form logic validation system by adding two new regex-based comparators, matches_regex and does_not_match_regex, to various components. These changes are implemented in the FormPropertyLogicRule class, the FormLogicConditionChecker, and associated test files. The updates include modifications to methods for condition checking and error handling, as well as the addition of new test cases to ensure the functionality works as intended. The changes also extend the filtering capabilities in the client-side configuration.

Changes

File Path	Change Summary
api/app/Rules/FormPropertyLogicRule.php	Added private $operator property; added matches_regex and does_not_match_regex to CONDITION_MAPPING; modified checkBaseCondition and valueHasCorrectType methods for regex validation.
api/app/Service/Forms/FormLogicConditionChecker.php	Introduced new cases in textConditionMet method for handling matches_regex and does_not_match_regex conditions with error handling.
api/tests/Feature/Forms/FormLogicTest.php	Added tests for regex validation, including successful submissions, failures, and handling of invalid regex patterns.
client/data/open_filters.json	Added matches_regex and does_not_match_regex comparators with expected type string and format regex.
client/lib/forms/FormLogicConditionChecker.js	Updated textConditionMet function to handle matches_regex and does_not_match_regex cases with error handling.
api/resources/data/open_filters.json	Added matches_regex and does_not_match_regex comparators for "text" and additional comparators for "matrix" fields.

Poem

In the fields of logic, we hop and play,
New regex rules brighten the day.
With patterns to match, and checks that are keen,
Our forms now dance in a validation scene!
So let’s celebrate with a joyful cheer,
For regex magic is finally here! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 8

🧹 Outside diff range and nitpick comments (2)

api/app/Service/Forms/FormLogicConditionChecker.php (1)

311-311: Remove debug statements.

The ray() debugging statements should not be present in production code.

-                    ray('matches_regex', $propertyCondition['value'], $value);
-                    ray('matches_regex_error', $e);

Also applies to: 314-314

api/tests/Feature/Forms/FormLogicTest.php (1)

500-546: Consider using data provider for comprehensive regex pattern testing.

The test could be enhanced by testing multiple invalid regex patterns to ensure robust error handling.

Consider using a data provider to test various invalid patterns:

• Unmatched parentheses: (
• Unmatched brackets: [
• Invalid quantifiers: ?*
• Invalid character classes: [a-

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b782631 and 5bb6c11.

📒 Files selected for processing (5)

• api/app/Rules/FormPropertyLogicRule.php (4 hunks)
• api/app/Service/Forms/FormLogicConditionChecker.php (1 hunks)
• api/tests/Feature/Forms/FormLogicTest.php (2 hunks)
• client/data/open_filters.json (1 hunks)
• client/lib/forms/FormLogicConditionChecker.js (1 hunks)

🔇 Additional comments (4)

client/lib/forms/FormLogicConditionChecker.js (1)

Line range hint 1-1: Request review of client-side implementation.

The JavaScript implementation of regex validation in client/lib/forms/FormLogicConditionChecker.js is missing from the review. This file is critical for ensuring consistent regex validation behavior between client and server sides.

client/data/open_filters.json (1)

232-242: Consider adding regex pattern validation constraints.

While the schema correctly defines the new regex comparators, consider adding additional constraints to prevent invalid or malicious regex patterns:

1. Maximum pattern length to prevent ReDoS attacks
2. Allowed/disallowed regex features (e.g., lookaheads, backreferences)
3. Pattern validation rules (e.g., must be a valid regex syntax)

api/app/Rules/FormPropertyLogicRule.php (2)

74-85: LGTM! Regex comparators are well-defined.

The new comparators are correctly configured with appropriate types and formats.

---

687-688: LGTM! Property is well-defined.

The private property is correctly defined and serves a clear purpose.

[coderabbitai]

⚠️ Potential issue

Fix potential regex injection vulnerability.

Direct concatenation of user input into regex patterns is unsafe. The pattern should be properly escaped and validated:

1. Escape regex delimiters in the pattern
2. Validate the pattern before use
3. Consider using a whitelist of allowed regex features

-                    return (bool) preg_match('/' . $propertyCondition['value'] . '/', $value);
+                    $pattern = $propertyCondition['value'];
+                    if (!$this->isValidRegexPattern($pattern)) {
+                        throw new \InvalidArgumentException('Invalid regex pattern');
+                    }
+                    $escaped_pattern = '/' . str_replace('/', '\/', $pattern) . '/';
+                    return (bool) preg_match($escaped_pattern, $value);

Add this helper method:

private function isValidRegexPattern(string $pattern): bool
{
    try {
        // Test compile the pattern
        return @preg_match('/' . str_replace('/', '\/', $pattern) . '/', '') !== false;
    } catch (\Exception $e) {
        return false;
    }
}

Also applies to: 319-319

[coderabbitai]

⚠️ Potential issue

Standardize error handling behavior.

The error handling differs between matches_regex (returns false) and does_not_match_regex (returns true). This inconsistency could lead to unexpected behavior. Consider standardizing the error handling to always return false on invalid patterns.

                 } catch (\Exception $e) {
-                    ray('matches_regex_error', $e);
-                    return false;
+                    throw new \InvalidArgumentException('Invalid regex pattern: ' . $e->getMessage());
                 }
             case 'does_not_match_regex':
                 try {
                     return !(bool) preg_match('/' . $propertyCondition['value'] . '/', $value);
                 } catch (\Exception $e) {
-                    return true;
+                    throw new \InvalidArgumentException('Invalid regex pattern: ' . $e->getMessage());
                 }

Also applies to: 320-322

[coderabbitai]

🛠️ Refactor suggestion

Add performance safeguards for regex evaluation.

Consider adding safeguards against catastrophic backtracking:

1. Set a timeout limit for regex evaluation
2. Limit pattern complexity
3. Consider using preg_match_all() with a limit for potentially problematic patterns

private function evaluateRegexPattern(string $pattern, string $value, int $timeout_ms = 100): bool
{
    // Set timeout
    ini_set('pcre.backtrack_limit', '1000000');
    ini_set('pcre.jit', '0');

    // Use custom error handler to catch timeouts
    set_error_handler(function($errno, $errstr) {
        throw new \RuntimeException('Regex evaluation timeout');
    }, E_WARNING);

    try {
        $escaped_pattern = '/' . str_replace('/', '\/', $pattern) . '/';
        return (bool) preg_match($escaped_pattern, $value);
    } finally {
        restore_error_handler();
    }
}

[coderabbitai]

⚠️ Potential issue

Fix field mapping in validation setup.

The validation is being applied to the 'Name' field but using the 'Email' field's value.

Apply this diff to fix the field mapping:

-if (in_array($property['name'], ['Name'])) {
+if (in_array($property['name'], ['Email'])) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (in_array($property['name'], ['Name'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]'; // Non-Gmail address should pass
	}
	if (in_array($property['name'], ['Email'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]'; // Non-Gmail address should pass
	}

[coderabbitai]

⚠️ Potential issue

Fix field mapping in validation setup.

The validation is being applied to the 'Name' field but using the 'Email' field's value, which is confusing and could lead to maintenance issues.

Apply this diff to fix the field mapping:

-if (in_array($property['name'], ['Name'])) {
+if (in_array($property['name'], ['Email'])) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (in_array($property['name'], ['Name'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]';
	}
	if (in_array($property['name'], ['Email'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]';
	}

[coderabbitai]

⚠️ Potential issue

Fix field mapping in validation setup.

The validation is being applied to the 'Name' field but using the 'Email' field's value.

Apply this diff to fix the field mapping:

-if (in_array($property['name'], ['Name'])) {
+if (in_array($property['name'], ['Email'])) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (in_array($property['name'], ['Name'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]'; // Non-Gmail address should fail
	}
	if (in_array($property['name'], ['Email'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]'; // Non-Gmail address should fail
	}

[coderabbitai]

⚠️ Potential issue

Fix field mapping in validation setup.

The validation is being applied to the 'Name' field but using the 'Email' field's value.

Apply this diff to fix the field mapping:

-if (in_array($property['name'], ['Name'])) {
+if (in_array($property['name'], ['Email'])) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (in_array($property['name'], ['Name'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]';
	}
	if (in_array($property['name'], ['Email'])) {
	$property['validation'] = ['error_conditions' => $condition, 'error_message' => $validationMessage];
	$submissionData[$targetField['id']] = '[email protected]';
	}

[coderabbitai]

⚠️ Potential issue

Improve regex pattern validation for better security and reliability.

The current implementation has potential security issues and might not catch all invalid patterns.

Consider these improvements:

1. Use a proper regex delimiter and escape pattern:

-                    preg_match('/' . $value . '/', '');
+                    $pattern = '/' . preg_quote($value, '/') . '/';
+                    preg_match($pattern, 'test');

2. Add additional validation:

if (strlen($value) > 1000) {
    $this->conditionErrors[] = 'regex pattern too long';
    return false;
}

3. Consider using preg_match_all with a limit to prevent catastrophic backtracking:

@preg_match_all($pattern, 'test', $matches, 0, -1, PREG_OFFSET_CAPTURE);
if (preg_last_error() !== PREG_NO_ERROR) {
    $this->conditionErrors[] = 'invalid regex pattern: ' . preg_last_error_msg();
    return false;
}

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

api/resources/data/open_filters.json (2)

232-243: Consider adding regex pattern constraints for security

While the regex comparators are well-structured, consider adding pattern constraints or validation rules to prevent potential security issues like ReDoS (Regular Expression Denial of Service) attacks.

Suggestions:

1. Add a maximum pattern length limit
2. Consider adding a pattern_constraints field to specify allowed/disallowed regex features
3. Document safe regex patterns in the schema

Example enhancement:

 "matches_regex": {
   "expected_type": "string",
   "format": {
     "type": "regex"
+    "constraints": {
+      "max_length": 1000,
+      "disallowed_features": ["lookaheads", "backreferences"]
+    }
   }
 }

---

257-257: Fix inconsistent JSON formatting

There are spacing inconsistencies in the "type" field declarations.

Apply this formatting fix:

-          "type":"object"
+          "type": "object"

Also applies to: 263-263, 269-269

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5bb6c11 and 2dd69d1.

📒 Files selected for processing (1)

• api/resources/data/open_filters.json (1 hunks)

🔇 Additional comments (1)

api/resources/data/open_filters.json (1)

246-270: Verify scope of matrix comparator changes

The PR objectives specifically mention implementing regex validation conditions, but the changes also include new matrix comparators. Please clarify if these matrix-related changes should be part of this PR or moved to a separate one for better change isolation.

[coderabbitai]

🛠️ Refactor suggestion

Define schema for matrix object structure

The matrix comparators lack a schema definition for the expected object structure, which could lead to validation inconsistencies.

Consider adding a schema definition:

 "matrix": {
   "comparators": {
+    "schema": {
+      "type": "object",
+      "properties": {
+        "rows": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "columns": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": ["rows", "columns"]
+    },
     "equals": {
       "expected_type": "object",
       "format": {
         "type": "object"
+        "ref": "#/comparators/schema"
       }
     },
     // Apply similar changes to other comparators

Committable suggestion skipped: line range outside the PR's diff.