Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix regular expression anchors #3472

Closed
1 task done
matt257 opened this issue Mar 28, 2024 · 1 comment · Fixed by #3476
Closed
1 task done

Fix regular expression anchors #3472

matt257 opened this issue Mar 28, 2024 · 1 comment · Fixed by #3476

Comments

@matt257
Copy link
Contributor

matt257 commented Mar 28, 2024

Tracking issue for:

opened as a test for opening issues from code scanning alerts

@matt257 matt257 added this to the Backlog milestone Mar 28, 2024
@matt257 matt257 self-assigned this Mar 28, 2024
@matt257
Copy link
Contributor Author

matt257 commented Mar 28, 2024

Regular expressions in Ruby can use anchors to match the beginning and end of a string. However, if the ^ and $ anchors are used, the regular expression can match a single line of a multi-line string. This allows bad actors to bypass your regular expression checks and inject malicious input.

Recommendation
Use the \A and \z anchors since these anchors will always match the beginning and end of the string, even if the string contains newlines.

@matt257 matt257 linked a pull request Mar 28, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant