Fix uuid() accepting {, }, and prefixes inside the string

[edorian]

Instead of stripping "urn:", "uuid:", "{" and "}" from anywhere in the value before matching.

So strings like "5{}50e8400-..." or an interior "urn:" passed the assertion and the un-normalised string was returned to the caller.

Moved the validated into the regex:

• The prefixes are only accepted at the start
• A leading "{" must be paired with a closing "}" using a PCRE conditional

[edorian]

If you'd like a stricter implementation of the RFC the additional suggestion could be:

E.g. this only considers urn:uuid: valid instead of urn:233...

diff --git a/lib/Assert/Assertion.php b/lib/Assert/Assertion.php
index f399751..fd059c7 100644
--- a/lib/Assert/Assertion.php
+++ b/lib/Assert/Assertion.php
@@ -1965,7 +1965,8 @@ class Assertion
     /**
      * Assert that the given string is a valid UUID.
      *
-     * Uses code from {@link https://github.com/ramsey/uuid} that is MIT licensed.
+     * Accepts the RFC 9562 string format (8-4-4-4-12 hexadecimal digits,
+     * case-insensitive), optionally prefixed with "urn:uuid:" (the UUID URN form).
      *
      * @param string $value
      * @param string|callable|null $message
@@ -1974,7 +1975,7 @@ class Assertion
      */
     public static function uuid($value, $message = null, ?string $propertyPath = null): bool
     {
-        if (!\preg_match('/^(?:urn:)?(?:uuid:)?(\{)?[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}(?(1)\})$/D', $value)) {
+        if (!\preg_match('/^(?:urn:uuid:)?[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$/D', $value)) {
             $message = \sprintf(
                 static::generateMessage($message ?: 'Value "%s" is not a valid UUID.'),
                 static::stringify($value)
diff --git a/tests/Assert/Tests/AssertTest.php b/tests/Assert/Tests/AssertTest.php
index 09cca10..abb4eef 100644
--- a/tests/Assert/Tests/AssertTest.php
+++ b/tests/Assert/Tests/AssertTest.php
@@ -1256,12 +1256,8 @@ class AssertTest extends TestCase
             ['ff6f8cb0-c57d-51e1-9b21-0800200c9a66'],
             ['FF6F8CB0-C57D-11E1-9B21-0800200C9A66'],
             ['00000000-0000-0000-0000-000000000000'],
+            ['FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF'],
             ['urn:uuid:ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
-            ['urn:ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
-            ['uuid:ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
-            ['{ff6f8cb0-c57d-11e1-9b21-0800200c9a66}'],
-            ['urn:uuid:{ff6f8cb0-c57d-11e1-9b21-0800200c9a66}'],
-            ['{00000000-0000-0000-0000-000000000000}'],
         ];
     }
 
@@ -1273,6 +1269,11 @@ class AssertTest extends TestCase
             ['ff6f8cb0-c57da-51e1-9b21-0800200c9a66'],
             ['af6f8cb-c57d-11e1-9b21-0800200c9a66'],
             ['3f6f8cb0-c57d-11e1-9b21-0800200c9a6'],
+            ['urn:ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
+            ['uuid:ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
+            ['{ff6f8cb0-c57d-11e1-9b21-0800200c9a66}'],
+            ['urn:uuid:{ff6f8cb0-c57d-11e1-9b21-0800200c9a66}'],
+            ['{00000000-0000-0000-0000-000000000000}'],
             ['{ff6f8cb0-c57d-11e1-9b21-0800200c9a66'],
             ['ff6f8cb0-c57d-11e1-9b21-0800200c9a66}'],
             ['ff6f8cb0-{c57d}-11e1-9b21-0800200c9a66'],