Badly anchored regular expression
ID: rb/regex/badly-anchored-regexp
Kind: path-problem
Severity: warning
Precision: high
Tags: correctness, security, external/cwe/cwe-020
Query suites: ruby-code-scanning.qls, ruby-security-extended.qls, ruby-security-and-quality.qls
Regular expressions in Ruby can use anchors to match the beginning and end of a string. However, in Ruby the ^ and $ anchors match at the beginning and end of any line, so a regular expression that uses them can match a single line of a multi-line string. This allows bad actors to bypass your regular expression checks and inject malicious input.
Recommendation: Use the \A and \z anchors instead, since these anchors always match the beginning and end of the whole string, even if the string contains newlines.
The following (bad) example code uses a regular expression to check that a string contains only digits.
```ruby
def bad(input)
  raise "Bad input" unless input =~ /^[0-9]+$/
  # ....
end
```
The regular expression /^[0-9]+$/ will match a single line of a multi-line string, which may not be the intended behavior. The following (good) example code uses the regular expression /\A[0-9]+\z/ to match the entire input string.
```ruby
def good(input)
  raise "Bad input" unless input =~ /\A[0-9]+\z/
  # ....
end
```
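To make the difference concrete, here is an added example (not part of the query help above) that runs both patterns against a constructed multi-line input, and also shows why the lowercase \z is preferred over \Z, which still permits one trailing newline; the input strings and function names are assumptions for illustration.

```ruby
# Added example: line anchors (^ $) versus string anchors (\A \z) in Ruby.
# Inputs are constructed for illustration.
CLEAN_INPUT     = "12345"
MULTILINE_INPUT = "12345\nnot digits at all"
TRAILING_NL     = "12345\n"

# Line-anchored check: ^ and $ match at any line boundary in Ruby, so an
# input that merely *contains* a digits-only line is accepted.
def line_anchored_digits?(input)
  !!(input =~ /^[0-9]+$/)
end

# String-anchored check: \A and \z only match at the absolute start and end
# of the string, so the whole input must consist of digits.
def string_anchored_digits?(input)
  !!(input =~ /\A[0-9]+\z/)
end

# Caveat: uppercase \Z also matches just before a final newline, so it still
# lets "12345\n" through. Use \z when the end must be the true end.
def trailing_newline_anchored_digits?(input)
  !!(input =~ /\A[0-9]+\Z/)
end

# Hardened validator in the shape of the page's good() example: returns the
# input when it is all digits, raises otherwise.
def validate_digits!(input)
  raise "Bad input" unless string_anchored_digits?(input)
  input
end

if __FILE__ == $PROGRAM_NAME
  [CLEAN_INPUT, MULTILINE_INPUT, TRAILING_NL].each do |s|
    printf("%-28p ^$ => %-5s \\A\\z => %-5s \\A\\Z => %s\n", s,
           line_anchored_digits?(s), string_anchored_digits?(s),
           trailing_newline_anchored_digits?(s))
  end
end
```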