Regex Without Tests is Asking for Trouble - Don't be lazy. It is free with AI!
TL;DR: Use clear and concise regular expressions, and test them thoroughly.
Regular expressions are powerful but tricky.
If you write a regex without tests, you're asking for unexpected errors.
If you write a cryptic regex and skip automated testing, you could miss important cases, causing security issues or user frustration.
public class PasswordValidator {
public static boolean isValidPassword(String password) {
return password.matches(
"^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d]{8,}$");
// This is a cryptic Regular Expression
}
}
import java.util.ArrayList;
import java.util.List;
public class PasswordValidator {
public static List<String> validatePassword(String password) {
List<String> errors = new ArrayList<>();
if (password.length() < 8) {
errors.add(
"Password must be at least 8 characters long.");
}
if (!password.matches(".*[A-Z].*")) {
errors.add(
"Password must contain at least one uppercase letter.");
}
if (!password.matches(".*[a-z].*")) {
errors.add(
"Password must contain at least one lowercase letter.");
}
if (!password.matches(".*\\d.*")) {
errors.add(
"Password must contain at least one digit.");
}
if (errors.isEmpty()) {
errors.add(
"Password is valid.");
}
return errors;
// You no longer need a Regular Expression!!
}
}
import static org.junit.Assert.*;
import org.junit.Test;
public class PasswordValidatorTest {
// Now you have a lot of tests
// You can use a Regular Expression,
// a String Validator
// an External Library
// Whatever you want as long as it passes the tests!
@Test
public void testValidPassword() {
List<String> result =
PasswordValidator.validatePassword(
"StrongPass1");
assertEquals("Password is valid.", result.get(0));
}
@Test
public void testTooShortPassword() {
List<String> result = PasswordValidator.validatePassword(
"Short1");
assertTrue(result.contains(
"Password must be at least 8 characters long."));
}
@Test
public void testNoUppercase() {
List<String> result = PasswordValidator.validatePassword(
"nouppercase1");
assertTrue(
result.contains(
"Password must contain at least one uppercase letter."));
}
@Test
public void testNoLowercase() {
List<String> result = PasswordValidator.validatePassword(
"NOLOWERCASE1");
assertTrue(result.contains(
"Password must contain at least one lowercase letter."));
}
@Test
public void testNoNumber() {
List<String> result = PasswordValidator.validatePassword(
"NoNumberPass");
assertTrue(result.contains(
"Password must contain at least one digit."));
}
}
You can detect when your regex is uncovered by changing it to fail and running all your tests.
If your validation returns "false" without user-friendly explanations, it's a clear sign you need to refactor it and improve the feedback.
AI can generate regular expressions but often fails to provide helpful error messages.
Without proper instructions, AI-generated validators may fail to guide users through fixing their inputs.
AI can detect basic regular expression patterns and missing feedback with clear prompting.
it might not automatically create detailed test cases or descriptions unless asked specifically.
Remember: AI Assistants make lots of mistakes
Without Proper Instructions |
With Specific Instructions |
---|---|
A regular expression without clear feedback is user-unfriendly and prone to errors.
It would help if you described why they failed and wrote thorough tests to ensure your regex works as expected.
Code Smell 185 - Evil Regular Expressions
Code Smells are my opinion.
Photo by rc.xyz NFT gallery on Unsplash
Feedback is the breakfast of champions.
Ken Blanchard
This article is part of the CodeSmell Series.