Consider using a RE2 compliant CEL evaluator

[ddn0]

Feature description:

celpy which protovalidate uses does not support RE2-style regular expressions, which is required according to the CEL specification. Consider using a CEL evaluator that does support RE2-style regular expressions.

Problem it solves or use case:

protovalidate implementations should behave similarly across languages but for rules relying on pattern matching, protovalidate-python will consider common patterns like ^foo$ to match a string like foo\n, while other protovalidate implementations would correctly reject it.

The re2 specification indicates that $ should only match end of text unless multiline mode is enabled, and multiline mode is not the default:

$ at end of text (like \z not \Z) or line (m=true)

Additionally, some protovalidate rules are implemented in terms of patterns, e.g., (buf.validate.field).string.uuid which is implemented as the CEL "this == \'\' || this.matches(\'^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$\')" which means it can match a string of 37 characters (the normal 36 plus newline).

Examples or references:

echo '"\n"' | python -m celpy 'string(this).matches("^$")'
# Outputs true

which makes sense because all celpy does is call re.search and

import re
assert re.search("^$", "\n") is not None

The cel-go REPL (correctly) does not match this pattern:

$ git clone https://github.com/google/cel-go
$ cd cel-go/repl/main
$ go run .
cel-repl> %let this = '\n'
cel-repl> this.matches('^$')
false : bool