Insecure Use of Regular Expressions
Why is this important?
Regular Expressions (Regex) are used in almost every application. However, it is often overlooked that Ruby's ^ and $ anchors match at the beginning and end of each line rather than of the whole string, which differs from many other languages. This can lead to issues that bypass security-related user input validation.
Read below to find out how to fix this issue in your code.
Fixing Insecure Use of Regular Expressions
Option A: Use the Right Regex Syntax
- Go through the issues that GuardRails identified in the PR.
- Identify any ^ or $ operators in the regular expression, for example:

  /^https?:\/\/[^\n]+$/i

- Replace ^ with \A and/or $ with \z:

  /\Ahttps?:\/\/[^\n]+\z/i

- Test it and ensure the regex is still working as expected.
- Ship it 🚢 and relax 🌴
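The following is an added example (not code from the GuardRails page) that shows why the replacement matters: the line-anchored regex accepts a multi-line value whose first line is a URL, while the string-anchored version rejects it. The function names and the sample inputs are constructed for illustration.

```ruby
# Added example: validating a user-supplied URL with the two anchor styles.
# ^ and $ match at every line boundary in Ruby, so a value with a second line
# still passes; \A and \z match only at the very start and end of the string.
INSECURE_URL = /^https?:\/\/[^\n]+$/i
SECURE_URL   = /\Ahttps?:\/\/[^\n]+\z/i
# Caveat: \Z (capital) still tolerates one trailing newline; \z does not.
TRAILING_NL_URL = /\Ahttps?:\/\/[^\n]+\Z/i

# Each returns true when the whole value is accepted as an http(s) URL.
def insecure_valid_url?(value)
  value.match?(INSECURE_URL)
end

def secure_valid_url?(value)
  value.match?(SECURE_URL)
end

def trailing_newline_valid_url?(value)
  value.match?(TRAILING_NL_URL)
end

# Constructed inputs: a plain URL and a multi-line value whose first line
# looks like a URL but which carries extra content after a newline.
SAMPLES = {
  "https://example.com/path"           => "benign single-line URL",
  "https://example.com\nsecond line"   => "multi-line value",
  "https://example.com\n"              => "URL with trailing newline",
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |value, label|
    printf("%-28s insecure=%-5s secure=%-5s \\Z=%s\n", label,
           insecure_valid_url?(value), secure_valid_url?(value),
           trailing_newline_valid_url?(value))
  end
end
```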