@Lukmanern Lukmanern commented Sep 27, 2023

TL;DR: request to remove some regex-based validation, like email regex validation.
Background: So many CVEs are caused by regex (see: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=regex )

  1. Please use regex wisely; there is email validation using regex, and Go has std packages like validation/v10 or net/mail.
  2. Use regex for validating data with limited character types. For example, to validate valid names in id_ID, where characters are limited to A-Za-z with the addition of space, dash and/or a single tick/quote, you can use a regex pattern to validate that name type.
  3. If there isn't a regex pattern available, or it is too hard to create one for validating specific data, consider using string replacement and validating each separated part of the data/value; it's safer and clearer to see.
  4. And please provide datasets as well for testing each regex-based validation.

Note: user@example.com. (with a dot at the end) is a valid email for the regex validation.
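
As an added illustration (not code from this pull request or the project), the Go sketch below contrasts a constructed permissive email regex with a check built on `net/mail`, using the trailing-dot address from the note above. `looseEmailRe` and `ValidEmail` are hypothetical names, and the pattern is an assumption, not the project's actual regex.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
)

// looseEmailRe is a constructed pattern (an assumption, not the project's
// regex). Because '.' sits inside the domain character class, it accepts a
// trailing dot and consecutive dots.
var looseEmailRe = regexp.MustCompile(`^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$`)

// ValidEmail is a hypothetical helper that accepts only a bare addr-spec.
func ValidEmail(s string) bool {
	addr, err := mail.ParseAddress(s)
	if err != nil {
		return false
	}
	// ParseAddress also accepts forms such as "Name <user@example.com>" and
	// "<user@example.com>". Requiring the parsed address to equal the whole
	// input rejects display names, angle brackets and surrounding whitespace.
	return addr.Address == s
}

func main() {
	// Constructed sample inputs.
	samples := []string{
		"user@example.com",
		"user@example.com.",
		"user@example..com",
		"<user@example.com>",
		"user@",
	}
	for _, s := range samples {
		fmt.Printf("%-22q regex=%-5v net/mail=%v\n",
			s, looseEmailRe.MatchString(s), ValidEmail(s))
	}
}
```

The sample list doubles as a small dataset of the kind requested in point 4 and can be moved into a table-driven test.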

@codecov-commenter

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (1bccdaa) 91.61% compared to head (91a9a3f) 91.61%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #53   +/-   ##
=======================================
  Coverage   91.61%   91.61%           
=======================================
  Files          13       13           
  Lines         465      465           
=======================================
  Hits          426      426           
  Misses         30       30           
  Partials        9        9           


Member

@josestg josestg left a comment

Can you resolve the issue as well, @Lukmanern ? In my opinion, you can put these fuzzy tests into a test file, mas.

@Lukmanern
Author

I can, I will resolve ASAP, in 4/5 days.
