Skip to main content
Version: 2024.4

Custom Yaml Validation

In order to prevent unwanted input in your Yaml configuration, you can add specific validation rules. Those rules are then enforced on saving and will result in an error message if the validation fails. If the configuration matches with some input of the Yaml it will fail. Make sure to use the correct regex.

The following code shows how the validation is done to make it easier to understand how to write your regex.

/**
* @throws InsecureYamlException
*/
private function checkRegexes(array $regexes, string $content): void
{
$errors = [];
foreach ($regexes as $regex) {
if (u($content)->match($regex)) {
$errors[] = $regex;
}
}

if (!empty($errors)) {
throw new InsecureYamlException(
sprintf('Yaml must not match with following regex: %s', implode(', ', $errors))
);
}
}

How to add custom validation

You can add the custom_yaml_validation_regex to your configuration. Beware that this node is an array, so you can add multiple validation rules.

Example

pimcore_copilot:
custom_yaml_validation_regex:
- /yIDoghQo'/ # This regex prevents the usage of "Don't be silly." in Klingon
- /anakin/ # Anakin is also not allowed