Fix critical regex validation bugs #18

Open
cursor[bot] wants to merge 1 commit into feature/20260205-cursor-webfrom from cursor/critical-bug-inspection-2270

cursor Bot commented Apr 27, 2026

Bug Report

Critical correctness bugs in regex validation patterns that would cause data validation failures and incorrect acceptance of invalid inputs.

Issues Fixed

  1. Phone number validation (line 7): Changed d to \d

    • Previous pattern: /^((d{3,4})|d{3,4}-)?d{7,8}$/
    • Was matching literal 'd' characters instead of digits
    • Valid phone numbers like "0312345678" would fail
  2. Email validation (line 9): Changed w to \w

    • Previous pattern: /^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/
    • Was matching literal 'w' characters instead of word characters
    • Valid emails like "test@example.com" would fail
  3. Bank card validation (line 11): Added proper anchors and grouping

    • Previous pattern: /^\d{16}|\d{19}$/
    • Missing parentheses caused alternation to only apply to second part
    • "abc1234567890123456" would incorrectly pass validation
  4. Name validation (line 13): Fixed Unicode character class syntax

    • Previous pattern: /^(\u4E00-\u9FA5){2,}$/
    • Missing brackets [] around Unicode range
    • Chinese names would fail validation
  5. Number validation (line 21): Added trailing anchor

    • Previous pattern: /^-?[0-9]+/
    • Missing $ anchor allowed "123abc" to pass as valid

Impact

  • User data validation would reject legitimate inputs
  • Form submissions with valid data would fail
  • Security checks relying on these patterns would be unreliable

Testing

All patterns verified to correctly match valid inputs after fixes.

Summary by Sourcery

Fix regex patterns used for core input validations to correctly enforce the intended constraints and boundaries.

Bug Fixes:

  • Correct phone number regex to validate digit-based formats instead of literal 'd' characters.
  • Correct email regex to validate word-character-based email addresses instead of literal 'w' characters and ensure proper dot and segment handling.
  • Fix bank card regex alternation and anchoring so only fully numeric 16- or 19-digit values pass validation.
  • Adjust name regex to use a proper Chinese Unicode character range with correct grouping.
  • Tighten numeric regex with an end anchor to reject numbers followed by trailing characters.

- phone: Changed 'd' to '\d' for proper digit matching (was matching literal 'd' chars)
- email: Changed 'w' to '\w' for proper word character matching (was matching literal 'w' chars)
- card: Added anchors (^$) to prevent partial string matches with prefix/suffix
- card: Changed alternation from '|' to '()' group for proper grouping
- name: Added brackets [\u4E00-\u9FA5] for proper Chinese character range
- number: Added trailing $ anchor to prevent incomplete number matches

These bugs would cause validation failures for legitimate values:
- Valid phone/email formats would fail validation
- Bank card numbers with prefix text would incorrectly pass
- Partial numbers would pass as valid
- Chinese names would fail validation

Co-authored-by: finallylly <finallybad@gmail.com>
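
The verdict changes listed in the PR description and commit message above, as an added example (not code from the pull request): the before/after patterns are copied from the text, while the sample inputs and the `audit` helper are constructed for illustration. For the card pattern it shows that `^\d{16}|\d{19}$` parses as `(^\d{16})|(\d{19}$)`, so each anchor constrains only one alternative.

```javascript
// "before" and "after" patterns as quoted in this PR's description.
const PATTERNS = {
  phone:  { before: /^((d{3,4})|d{3,4}-)?d{7,8}$/,
            after:  /^((\d{3,4})|\d{3,4}-)?\d{7,8}$/ },
  email:  { before: /^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/,
            after:  /^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/ },
  card:   { before: /^\d{16}|\d{19}$/, after: /^(\d{16}|\d{19})$/ },
  name:   { before: /^(\u4E00-\u9FA5){2,}$/, after: /^([\u4E00-\u9FA5]){2,}$/ },
  number: { before: /^-?[0-9]+/, after: /^-?[0-9]+$/ },
};

// Constructed inputs (not from the PR). `valid` is the verdict a correct
// validator for that field should return.
const CASES = [
  { field: 'phone',  input: '0312345678',            valid: true  },
  { field: 'phone',  input: 'ddddddd',               valid: false }, // literal d's
  { field: 'email',  input: 'test@example.com',      valid: true  },
  { field: 'email',  input: 'w@wxw',                 valid: false }, // literal w's, "." matches "x"
  { field: 'card',   input: '1234567890123456',      valid: true  },
  { field: 'card',   input: '1234567890123456abc',   valid: false }, // 16 digits + suffix
  { field: 'card',   input: 'abc' + '1'.repeat(19),  valid: false }, // prefix + 19 digits
  { field: 'name',   input: '\u5F20\u4F1F',          valid: true  }, // two CJK characters
  { field: 'name',   input: '\u4E00-\u9FA5\u4E00-\u9FA5', valid: false }, // literal "X-Y" twice
  { field: 'number', input: '-42',                   valid: true  },
  { field: 'number', input: '123abc',                valid: false },
];

// Run every case against one version of the patterns and list wrong verdicts.
function audit(version) {
  const wrong = [];
  for (const { field, input, valid } of CASES) {
    const got = PATTERNS[field][version].test(input);
    if (got !== valid) {
      wrong.push({ field, input, kind: got ? 'false-accept' : 'false-reject' });
    }
  }
  return wrong;
}

console.log(audit('before'));
console.log(audit('after'));
```

Keeping a table like `CASES` next to the patterns as a unit test catches both directions of failure: valid input rejected and invalid input accepted.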
sourcery-ai Bot commented Apr 27, 2026

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Fixes multiple core data validation regular expressions to correctly use digit/word-character classes, proper grouping and anchoring for phone, email, bank card, name, and numeric input validation.

Class diagram for updated core regex validation patterns

classDiagram
  class RegexPatterns {
    RegExp password
    RegExp phone
    RegExp email
    RegExp card
    RegExp name
    RegExp QQ
    RegExp code
    RegExp url
    RegExp number
  }

  class PhonePattern {
    +String pattern
  }

  class EmailPattern {
    +String pattern
  }

  class CardPattern {
    +String pattern
  }

  class NamePattern {
    +String pattern
  }

  class NumberPattern {
    +String pattern
  }

  RegexPatterns --> PhonePattern : uses
  RegexPatterns --> EmailPattern : uses
  RegexPatterns --> CardPattern : uses
  RegexPatterns --> NamePattern : uses
  RegexPatterns --> NumberPattern : uses

  PhonePattern : pattern = /^((\d{3,4})|\d{3,4}-)?\d{7,8}$/
  EmailPattern : pattern = /^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/
  CardPattern : pattern = /^(\d{16}|\d{19})$/
  NamePattern : pattern = /^([\u4E00-\u9FA5]){2,}$/
  NumberPattern : pattern =/^-?[0-9]+$/

File-Level Changes

Change | Details | Files
Correct phone number regex to use digit character classes instead of matching literal characters.
  • Replace all occurrences of d with \d in the phone pattern so groups refer to digits.
  • Preserve existing optional area-code grouping and hyphen handling while fixing character classes.
src/regex/index.js
Fix email validation regex to use word-character classes, proper escaping, and dot matching.
  • Replace literal w with \w in the local and domain parts of the email pattern.
  • Escape the dot before the TLD with \. so it is treated as a literal period instead of any character.
  • Retain existing grouping for optional subcomponents while correcting character classes.
src/regex/index.js
Correct bank card regex alternation and anchoring so only full 16- or 19-digit numbers are accepted.
  • Wrap `\d{16}|\d{19}` in parentheses so the start and end anchors apply to the entire alternation.
  • Ensure that non-digit prefixes or suffixes cause the match to fail.
Fix name regex Unicode range syntax so Chinese names are properly validated.
  • Add square brackets around the \u4E00-\u9FA5 range to form a valid character class.
  • Keep the {2,} quantifier to continue enforcing a minimum of two characters.
src/regex/index.js
Tighten numeric regex with an end anchor to disallow trailing non-digit characters.
  • Add a $ anchor to the numeric pattern to require the entire string to be a signed integer.
  • Preserve support for an optional leading minus sign and one or more digits.
src/regex/index.js

    @finallylly finallylly marked this pull request as ready for review April 27, 2026 02:40

    @sourcery-ai sourcery-ai Bot left a comment

    Hey - I've found 1 issue, and left some high level feedback:

    • In the email regex, there appear to be invisible Unicode characters between [-.] and \w in two places; consider retyping those segments to ensure they are plain ASCII (e.g., \w+([-.]\w+)*) to avoid unexpected matching behavior.
    • The name regex can be simplified by dropping the capturing group and extra brackets, e.g., name: /^[\u4E00-\u9FA5]{2,}$/, which is equivalent but more readable and avoids an unused capture.
    Prompt for AI Agents
    Please address the comments from this code review:
    
    ## Overall Comments
    - In the email regex, there appear to be invisible Unicode characters between `[-.]` and `\w` in two places; consider retyping those segments to ensure they are plain ASCII (e.g., `\w+([-.]\w+)*`) to avoid unexpected matching behavior.
    - The name regex can be simplified by dropping the capturing group and extra brackets, e.g., `name: /^[\u4E00-\u9FA5]{2,}$/`, which is equivalent but more readable and avoids an unused capture.
    
    ## Individual Comments
    
    ### Comment 1
    <location path="src/regex/index.js" line_range="9" />
    <code_context>
    +  phone: /^((\d{3,4})|\d{3,4}-)?\d{7,8}$/,
       // 电子邮箱匹配
    -  email: /^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/,
    +  email: /^\w+([-+.]\w+)*@\w+([-.]​\w+)*\.\w+([-.]​\w+)*$/,
       // 银行卡匹配
    -  card: /^\d{16}|\d{19}$/,
    </code_context>
    <issue_to_address>
    **issue (bug_risk):** Email regex contains invisible characters that will break the pattern.
    
    There are zero-width/non-ASCII spaces between `]` and `\w` in `([-.]​\w+)*` (twice). These invisible characters can make the regex misbehave or fail to parse. Please replace them with plain ASCII: `([-.]\w+)*` in both places.
    </issue_to_address>

    Comment thread src/regex/index.js
    phone: /^((\d{3,4})|\d{3,4}-)?\d{7,8}$/,
    // 电子邮箱匹配
    email: /^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/,
    email: /^\w+([-+.]\w+)*@\w+([-.]​\w+)*\.\w+([-.]​\w+)*$/,
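
Review bot: In the `phone` line, the first alternative `(\d{3,4})` is an unescaped capture group, not literal parentheses, so the pattern accepts any bare 10 to 12 digit string in addition to the hyphenated form. If the intent is to accept an area code written in parentheses, escape them as `\(\d{3,4}\)`; if a bare prefix is intended, drop the inner group and state the accepted lengths in the comment above the pattern so the behaviour is deliberate rather than a side effect of lost backslashes.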

    issue (bug_risk): Email regex contains invisible characters that will break the pattern.

    There are zero-width/non-ASCII spaces between ] and \w in ([-.]​\w+)* (twice). These invisible characters can make the regex misbehave or fail to parse. Please replace them with plain ASCII: ([-.]\w+)* in both places.
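
One way to catch the invisible characters described in this review comment before merge, as an added example that is not part of the pull request or of Sourcery's output: `findHiddenChars`, `stripHiddenChars` and `accepts` are hypothetical helpers, and the tainted pattern is constructed with U+200B, which is an assumption about the character in the diff.

```javascript
// Matches characters that render as nothing or as a blank: Unicode format
// characters (Cf: U+200B, U+200C, U+FEFF, ...) and space/line separators.
const HIDDEN = /[\p{Cf}\p{Zs}\p{Zl}\p{Zp}]/gu;

// Report every hidden character found in a regex source string.
function findHiddenChars(source) {
  const hits = [];
  for (const m of source.matchAll(HIDDEN)) {
    if (m[0] === ' ') continue; // a plain ASCII space is visible in review
    const hex = m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
    hits.push({
      index: m.index,
      codePoint: 'U+' + hex,
      after: source.slice(Math.max(0, m.index - 4), m.index), // preceding text
    });
  }
  return hits;
}

// Remove the hidden characters, leaving ASCII spaces alone.
function stripHiddenChars(source) {
  return source.replace(HIDDEN, (c) => (c === ' ' ? c : ''));
}

// Compile a pattern source and test one input against it.
function accepts(source, input) {
  return new RegExp(source).test(input);
}

// Constructed sample: the PR's corrected email pattern, then the same pattern
// with U+200B placed after "[-.]" in both places (assumed character).
const CLEAN = String.raw`^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$`;
const TAINTED = CLEAN.split('[-.]').join('[-.]\u200B');

console.log(findHiddenChars(TAINTED));
console.log(accepts(TAINTED, 'test@example.com'));      // simple address still passes
console.log(accepts(TAINTED, 'test@mail.example.com')); // subdomain is rejected
console.log(accepts(stripHiddenChars(TAINTED), 'test@mail.example.com'));
```

With this constructed input the tainted pattern compiles and still accepts simple addresses, so the defect only shows up on addresses that exercise the `[-.]` groups; a scan of the source file catches it regardless of test coverage.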
