CodeQL documentation
CodeQL resources

Badly anchored regular expression

ID: rb/regex/badly-anchored-regexp
Kind: path-problem
Security severity: 7.8
Severity: warning
Precision: high
Tags:
  - correctness
  - security
  - external/cwe/cwe-020
Query suites:
  - ruby-code-scanning.qls
  - ruby-security-extended.qls
  - ruby-security-and-quality.qls


Regular expressions in Ruby can use anchors to match the beginning and end of a string. In Ruby, however, the ^ and $ anchors always match at the beginning and end of a line (no flag is needed, unlike in many other regex engines), so a pattern anchored with them can match just one line of a multi-line string. Input containing a newline can therefore pass the check while carrying arbitrary content on its other lines, which allows an attacker to bypass the validation and inject malicious input.

Recommendation

Use the \A and \z anchors, which always match the beginning and end of the whole string, even if the string contains newlines. Note that \Z (upper case) still matches before a single trailing newline; \z (lower case) matches only at the true end of the string and is the one to use for strict validation.

Example

The following (bad) example code uses a regular expression to check that a string contains only digits.

```ruby
def bad(input)
  raise "Bad input" unless input =~ /^[0-9]+$/
  # ...
end
```

The regular expression /^[0-9]+$/ matches any single line of a multi-line string, so an input such as "123\n<anything>" passes the check even though it is not made up only of digits. The following (good) example code uses the regular expression /\A[0-9]+\z/, which must match the entire input string.

```ruby
def good(input)
  raise "Bad input" unless input =~ /\A[0-9]+\z/
  # ...
end
```
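The bypass described above, and the difference between \z and \Z noted in the recommendation, as an added runnable example. This is not code from the CodeQL documentation or the CodeQL repository; the three patterns are the ones discussed on this page, and the inputs are constructed here to show which of them each pattern accepts.

```ruby
# Added example (not part of the CodeQL query documentation).
# Compares the three ways of anchoring a "digits only" check in Ruby.

LINE_ANCHORED     = /^[0-9]+$/     # ^ and $ are line anchors in Ruby: matches any digits-only line
STRING_ANCHORED   = /\A[0-9]+\z/   # \A...\z: the whole string must be digits
STRING_ANCHORED_Z = /\A[0-9]+\Z/   # \Z also accepts one trailing newline after the digits

def digits_only_bad?(input)
  input.match?(LINE_ANCHORED)
end

def digits_only_good?(input)
  input.match?(STRING_ANCHORED)
end

def digits_only_capital_z?(input)
  input.match?(STRING_ANCHORED_Z)
end

# Constructed inputs: one benign value, two multi-line payloads of the kind an
# attacker would send to slip past a line-anchored check, and edge cases.
SAMPLES = {
  "42"               => "plain digits",
  "42\nid; rm -rf /" => "payload after a digits-only line",
  "rm -rf /\n42"     => "payload before a digits-only line",
  "42\n"             => "digits with a trailing newline",
  "abc"              => "no digits at all",
}.freeze

# Runs every sample through all three checks and returns the verdicts.
def compare(samples = SAMPLES)
  samples.map do |input, desc|
    {
      input: input,
      desc: desc,
      line_anchored: digits_only_bad?(input),      # /^[0-9]+$/
      string_anchored: digits_only_good?(input),   # /\A[0-9]+\z/
      capital_z: digits_only_capital_z?(input),    # /\A[0-9]+\Z/
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts format("%-22s %-12s %-12s %-10s", "input", "^...$", "\\A...\\z", "\\A...\\Z")
  compare.each do |r|
    puts format("%-22s %-12s %-12s %-10s  (%s)",
                r[:input].inspect, r[:line_anchored], r[:string_anchored], r[:capital_z], r[:desc])
  end
end
```

Only "42" is accepted by all three checks. Both multi-line payloads pass the line-anchored pattern because ^ and $ can match at the newline, and both are rejected by \A...\z. The trailing-newline case shows why \Z is not a drop-in replacement: it accepts "42\n", which a strict check should reject.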
