CWE-186 过度严格的正则表达式

Overly Restrictive Regular Expression

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

A regular expression is overly restrictive, which prevents dangerous values from being detected.

扩展描述

This weakness is not about regexp complexity. Rather It is about a regular expression that does not match all values that are intended. Consider the use of a regexp to whitelist acceptable values or to blacklist unwanted terms. An overly restrictive regexp misses some potentially security-relevant values leading to either false positives or false negatives, depending on how the regexp is being used within the code. Consider the expression /[0-8]/ where the intention was /[0-9]/. This expression is not “complex” but the value “9” is not matched when maybe the programmer planned to check for it.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 185 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 185 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: CanAlsoBe cwe_CWE_ID: 184 cwe_View_ID: 1000

  • cwe_Nature: CanAlsoBe cwe_CWE_ID: 183 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Bypass Protection Mechanism

可能的缓解方案

Implementation

策略:

Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject your regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor your regular expression.

分析过的案例

标识 说明 链接

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Overly Restrictive Regular Expression